Are there any good resources that explain Java and .NET deserialization?
Последнее редактирование:
-
XSS.stack #1 – первый литературный журнал от юзеров форума
Deserialization
- Автор темы Ahmadz
- Дата начала
google? medium.com ? twitter (links to blog posts) ? conference slides, etc...
- Автор темы
- Добавить закладку
- #3
Most results I found explain the concept, discuss how to exploit or how to discover using automated tools, however I'm looking for manual ways to discover it from the code review side, like specific search via a notepad ++ for example after decompiling the java class , I already know how to do it in a certain class, but when the program has thousands of classes and tens of thousands of code lines it becomes a hectic job.