Commit ef96cc3a authored by Quentin Rossettini

added abstract

parent 374d0fc4
SSI Exam - Attack by JSON deserialization SSI Exam - Attack by JSON deserialization
==== ====
Content of the repository Abstract
---- ----
### Demo files In 2016, a lot of attacks using Java deserialization happened. Many turned to JSON libraries, thought to be safer. However no library can be fully trusted when used to deserialize untrusted data!
As long as there is enough space and that user-controlled types can be invoked, attackers will be able to start a gadget chain that can lead to the execution of arbitrary code.
Write something here If you absolutely must deserialize untrusted data, make sure that you use a secure library with strict Type control ad that you never use user-controlled data for the deserializer expected type.
Write something here
### Presentation
Write something here
Write something here
Demo
----
### Attack Server
Write something here
#### LDAP server
Write something here
Write something here
#### Factor
Write something here
Write something here
### Victim Server
Write something here
### Spring boot
Write something here
### Deserialization vulnerability
Write something here
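
Review bot: the last sentence of the new Abstract has a typo, "strict Type control ad that you never use" should read "strict type control and that you never use". In the second sentence, "As long as there is enough space" does not say what space is meant (for example the set of classes available to the deserializer); name it or drop the clause, and change "and that user-controlled types can be invoked" to "and user-controlled types can be invoked". The sections under Demo still contain only "Write something here" placeholders, so the abstract currently describes an attack server, LDAP server and victim server that the README does not yet document.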