API to Shell This exercise covers the exploitation of PHP type confusion to bypass a signature and the exploitation of unserialize. A weakness in a signature check due to PHP type confusion. A call to PHP unserialize. From PentesterLab serialize badge.