Course
This lab teaches you how to exploit a serialization issue in Java by building your own gadgets without relying on ysoserial, focusing on the use of ObjectInputStream to unserialize arbitrary objects provided as base64-encoded data.
Skills covered
Injection
Included with PRO
Full course content
1 video
Common mistakes
Ready to practice?
Get access to this lab and 600+ hands-on exercises with a PRO subscription.
