Web Hacking Premium

Insecure Deserialization

How a serialized blob from a cookie, queue, cache or model file turns into remote code execution. Every language's landmines: PHP magic methods plus phar://, Python pickle as RCE-by-design, Java ObjectInputStream plus ysoserial, .NET BinaryFormatter, Ruby Marshal, YAML. POP gadget chains, real breaches (Equifax, vBulletin, Sitecore), the OWASP A08:2021 reality, and the per-language safe migration.

Related Articles

Related Cheatsheets

4
exploitation

John the Ripper — Password Cracking

John the Ripper — versatile password cracker with hash extraction helpers for common file …

220 views
web-pentest

WPScan — WordPress Security Scanner

WPScan is a WordPress security scanner for finding vulnerabilities, weak passwords, and ex…

150 views
web-pentest

Gobuster — Directory & DNS Brute Force

Gobuster — fast brute-forcing tool for directories, DNS subdomains, virtual hosts, and S3 …

136 views
web-pentest

Nuclei — Fast Vulnerability Scanner

Nuclei is a fast, template-based vulnerability scanner for web apps, networks, and cloud i…

115 views

Related Courses

2
Intermediate

Web Application Penetration Testing

Master web hacking from recon to reporting

31 · 9.3h
Intermediate

Bug Bounty Hunting — From Recon to Bounty

The practical playbook for finding real bugs on real targets. Recon methodology, vulnerabi…

1 · 7.2h