CUSTOM Java Deserialization Exploit - Serial Snyker

Read ALL the solutions and writeups from the Snyk Fetch the Flag! ➡ https://jh.live/snyk-fetch Help the channel grow with a Like, Comment, & Subscribe! ❤️ Support ➡ https://jh.live/patreon ↔ https://jh.live/paypal ↔ https://jh.live/buymeacoffee Check out the affiliates below for more free or discounted learning! 🖥️ Zero-Point Security ➡ Certified Red Team Operator https://jh.live/crto 💻Zero-Point Security ➡ C2 Development with C# https://jh.live/c2dev 🐜Zero2Automated ➡ Ultimate Malware Reverse Engineering https://jh.live/zero2auto ⛳Point3 ESCALATE ➡ Top-Notch Capture the Flag Training https://jh.live/escalate 👨🏻💻7aSecurity ➡ Hacking Courses & Pentesting https://jh.live/7asecurity 📗Humble Bundle ➡ https://jh.live/humblebundle 🐶Snyk ➡ https://jh.live/snyk 🤹♀️SkillShare ➡ https://jh.live/skillshare 🌎Follow me! ➡ https://jh.live/discord ↔ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/instagram ↔ https://jh.live/tiktok Timestamps: 00:00 - Serial Snyker 00:33 - Challenge Explaination 01:03 - Challenge Start 01:53 - Docker Instance Specs 02:22 - Source Code Exploration 05:37 - Begin Poking at Website 06:39 - Using Snyk 10:14 - Searching for insecure deserialization vulnerabilities 12:15 - Creating an exploit 20:16 - Packaging 21:47 - Remote Code Execution! 24:32 - Building reverse shell script 27:01 - Final thoughts 28:09 - Thank You, Snyk 📧Contact me! (I may be very slow to respond or completely unable to) 🤝Sponsorship Inquiries ➡ https://johnhammond.llc/sponsor 🚩 CTF Hosting Requests ➡ https://johnhammond.llc/sponsor 🎤 Speaking Requests ➡ https://johnhammond.llc/sponsor 💥 Malware Submission ➡ https://jh.live/malware ❓ Everything Else ➡ https://jh.live/etc