YoVDO

Custom Java Deserialization Exploit - Serial Snyker

Offered By: John Hammond via YouTube

Tags

Ethical Hacking Courses Cybersecurity Courses Docker Courses Exploit Development Courses Snyk Courses Remote Code Execution Courses

Course Description

Overview

Explore a comprehensive tutorial on exploiting Java deserialization vulnerabilities in the "Serial Snyker" challenge from Snyk Fetch the Flag. Learn to analyze source code, use Snyk for vulnerability detection, create custom exploits, achieve remote code execution, and build reverse shell scripts. Gain insights into Docker instance specifications, website probing techniques, and packaging exploits for successful attacks. Conclude with final thoughts on the challenge and its implications for Java application security.

Syllabus

- Serial Snyker
- Challenge Explaination
- Challenge Start
- Docker Instance Specs
- Source Code Exploration
- Begin Poking at Website
- Using Snyk
- Searching for insecure deserialization vulnerabilities
- Creating an exploit
- Packaging
- Remote Code Execution!
- Building reverse shell script
- Final thoughts
- Thank You, Snyk


Taught by

John Hammond

Related Courses

CVE Series: Log4J (CVE-2021-44228)
Cybrary JavaScript Security
Infosec via Coursera Ivanti Avalanche Vulnerability: What You Should Know
Pluralsight Ivanti Connect Secure VPN Vulnerability: What You Should Know
Pluralsight OpenPrinting CUPS Remote Code Execution Exploit Chain: What You Should Know
Pluralsight