Custom Java Deserialization Exploit - Serial Snyker
Offered By: John Hammond via YouTube
Course Description
Overview
Explore a comprehensive tutorial on exploiting Java deserialization vulnerabilities in the "Serial Snyker" challenge from Snyk Fetch the Flag. Learn to analyze source code, use Snyk for vulnerability detection, create custom exploits, achieve remote code execution, and build reverse shell scripts. Gain insights into Docker instance specifications, website probing techniques, and packaging exploits for successful attacks. Conclude with final thoughts on the challenge and its implications for Java application security.
Syllabus
- Serial Snyker
- Challenge Explaination
- Challenge Start
- Docker Instance Specs
- Source Code Exploration
- Begin Poking at Website
- Using Snyk
- Searching for insecure deserialization vulnerabilities
- Creating an exploit
- Packaging
- Remote Code Execution!
- Building reverse shell script
- Final thoughts
- Thank You, Snyk
Taught by
John Hammond
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network