- Deserialization
- Java
- https://www.youtube.com/watch?v=VviY3O-euVQ
- https://i.blackhat.com/eu-19/Thursday/eu-19-Zhang-New-Exploit-Technique-In-Java-Deserialization-Attack.pdf
- https://owasp.org/www-community/vulnerabilities/Deserialization_of_untrusted_data
- https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
- Deserialization-cheatsheet
- https://www.youtube.com/watch?v=oZPZLiY2PeA
- https://securitylab.github.com/research/in-memory-data-grid-vulnerabilities
- NodeJS
- C#
- PHP
- Java
- PHP Type Juggling
- Advanced SQLi techniques
- Source Code Review
- Exploit development automation in preferred language
- Dynamic analysis of web applications
- Arkham : Java Deserialization
- Falafel : PHP Type Juggling
- Zipper : API to RCE
- HackBack : API to RCE
- Holiday : NodeJS Command Injection
- Fighter : Boolean SQLi to RCE
- Writeup : Time-Based SQLi to RCE
- Unattended : Time-Based SQLi to RCE
- Help : Time-Based SQLi to RCE / File upload
- Ghoul : File upload
- ysoserial
- GadgetProbe
- NodeJsScan
- Frida-node
https://github.com/wetw0rk/AWAE-PREP
https://forum.hackthebox.eu/discussion/2646/oswe-exam-review-2020-notes-gifts-inside
https://github.com/lirantal/awesome-nodejs-security