CUSTOM Java Deserialization Exploit – Serial Snyker




Read ALL the solutions and writeups from the Snyk Fetch the Flag! ➡ https://j-h.io/snyk-fetch


Timestamps:
00:00 – Serial Snyker
00:33 – Challenge Explanation
01:03 – Challenge Start
01:53 – Docker Instance Specs
02:22 – Source Code Exploration
05:37 – Begin Poking at Website
06:39 – Using Snyk
10:14 – Searching for insecure deserialization vulnerabilities
12:15 – Creating an exploit
20:16 – Packaging
21:47 – Remote Code Execution!
24:32 – Building reverse shell script
27:01 – Final thoughts
28:09 – Thank You, Snyk
