Custom Java Deserialization Exploit - Serial Snyker
Offered By: John Hammond via YouTube
Course Description
Overview
Explore a comprehensive tutorial on exploiting Java deserialization vulnerabilities in the "Serial Snyker" challenge from Snyk Fetch the Flag. Learn to analyze source code, use Snyk for vulnerability detection, create custom exploits, achieve remote code execution, and build reverse shell scripts. Gain insights into Docker instance specifications, website probing techniques, and packaging exploits for successful attacks. Conclude with final thoughts on the challenge and its implications for Java application security.
Syllabus
- Serial Snyker
- Challenge Explaination
- Challenge Start
- Docker Instance Specs
- Source Code Exploration
- Begin Poking at Website
- Using Snyk
- Searching for insecure deserialization vulnerabilities
- Creating an exploit
- Packaging
- Remote Code Execution!
- Building reverse shell script
- Final thoughts
- Thank You, Snyk
Taught by
John Hammond
Related Courses
CNIT 127: Exploit DevelopmentCNIT - City College of San Francisco via Independent Reverse Engineering and Exploit Development
Udemy Penetration Testing: Advanced Kali Linux
LinkedIn Learning Linux x86 Assembly and Shellcoding
Udemy Python : Sıfırdan İleri Seviyeye - Etik Hacker Örnekleriyle
Udemy