Friday the 13th: JSON Attacks


2016 was the year of Java deserialization apocalypse. Although Java Deserialization attacks were known for years, the publication of the Apache Commons Collection Remote Code Execution (RCE from now on) gadget finally brought this forgotten vulnerability to the spotlight and motivated the community to start finding and fixing these issues.

by Alvaro Muñoz & Oleksandr Mirosh

Full Abstract & Presentation Materials:

Friday the 13th: JSON Attacks Friday the 13th: JSON Attacks Reviewed by Dump3R H3id3gg3R on 11:37 AM Rating: 5

Disqus for gamers-youtube