This is the code for my AppSec USA 2018 talk.
The slides are here.
The video recording is here.
- OWASP - Deserialization of untrusted data
- Java Deserialization Cheat Sheet
- Java denial of service payloads
- What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.
- Official statement regarding Apache Commons Collections deserialization vulnerability
- ysoserial
- CyberArk Password Vault Web Access Remote Code Execution
- ysoserial.net