Serialize Badge

Serialization is currently one of the hot topic in web security. This badge covers the exploitation of serialization vulnerabilities in multiple languages

5

Exercises

1456

Completed this badge

5

CPEs

XMLDecoder

This exercise covers the exploitation of an application using XMLDecoder

Difficulty: EASY
  • 1 video
  • Java
  • Completed by 2460 students
  • Takes Less than an hour on average

CVE-2016-0792

This exercise covers the exploitation of an Xstream vulnerability in Jenkins

Difficulty: EASY
  • 1 video
  • Java/Tomcat
  • Completed by 2150 students
  • Takes Less than an hour on average

ObjectInputStream

This exercise covers the exploitation of a call to readObject in a Spring application

Difficulty: MEDIUM
  • 1 video
  • Java
  • Completed by 1993 students
  • Takes Less than an hour on average

CVE-2013-0156: Rails Object Injection

This exercise covers the exploitation of a code execution in Ruby-on-Rails using XML and YAML.

Difficulty: MEDIUM
  • 1 video
  • Rails
  • Completed by 1795 students
  • Takes Less than an hour on average

API to Shell

This exercise covers the exploitation of PHP type confusion to bypass a signature and the exploitation of unserialize.

Difficulty: HARD
  • 6 videos
  • PHP/Apache/Mysql
  • Completed by 1574 students
  • Takes Between 2 and 4 hours on average