Shells in Your Serial – Exploiting Java Deserialization on JBoss

Shells in Your Serial - Exploiting Java Deserialization on JBoss Background I read a fantastic write-up by Stephen Breen of FoxGlove Security earlier this month describing a vulnerability, present in several common Java libraries, related to the deserialization of user input. His post goes fairly in depth into how the vulnerability works, so [...]