Course
This lab covers the exploitation of a Java deserialization issue in which <code>ObjectInputStream</code> is used to deserialize a base64-encoded object. The exercise focuses on building your own gadgets without relying on ysoserial, culminating in command execution through a crafted <code>java.util.HashMap</code>.
Skills covered
Injection
Included with PRO
Full course content
1 video
Common mistakes