Java-Deserialization-Cheat-Sheet

Pricing: Free

What is Java-Deserialization-Cheat-Sheet

ENISA Training Resources offers online training material for cybersecurity specialists, covering technical and artefact analysis fundamentals.

A Cheat Sheet for Pentesters: Understanding Deserialization Vulnerabilities

This cheat sheet is designed for pentesters and researchers focusing on deserialization vulnerabilities found in various Java (JVM) serialization libraries. The table of contents includes: Overview of Java Native Serialization (binary), Key talks, presentations, and documentation, Payload generators, Exploits, Methods to Detect Vulnerable Applications (without public exploits or requiring additional information), and Protection strategies.

Serialization libraries covered (including Android)

XMLEncoder (XML)
XStream (XML/JSON/various formats)
Kryo (binary)
Hessian/Burlap (binary/XML)
Castor (XML)
json-io (JSON)
Jackson (JSON)
Fastjson (JSON)
Genson (JSON)
Flexjson (JSON)
Jodd (JSON)
Red5 IO AMF (AMF)
Apache Flex BlazeDS (AMF)
Flamingo AMF (AMF)
GraniteDS (AMF)
WebORB for Java (AMF)
SnakeYAML (YAML)
jYAML (YAML)
YamlBeans (YAML)

'Safe' deserialization techniques are critical for security. For more information, refer to the Java Deserialization Security FAQ and the material from Foxglove Security.

Key talks, presentations, and documentation

'Marshalling Pickles' by @frohoff & @gebl, with the accompanying video and slides.
'Exploiting Deserialization Vulnerabilities in Java' by @matthias_kaiser, which includes a video presentation.
'Serial Killer: Silently Pwning Your Java Endpoints' by @pwntester & @cschneider4711, with slides and a white paper on the topic.
'Bypass Gadget Collection', a collection of bypass gadgets.
'Deserialize My Shorts', which offers further insights.
