Skip to content
MENU
MENU
Home
Courses
Log In
LAB 1A
Log in
or
Register
to view this lesson.
Introduction and setup
1 - Overview
2 - Setup & Course files
Module 1 – Java Serialization
3 - Java Essentials and Terminology
4 - Java Serialization
5 - LAB 1A
6 - Java Deserialization Attacks
7 - LAB 1B
8 - Java Deserialization Under The Hood
9 - LAB 1C
10 - Module 1 – Quiz
11 - Module 1 – Summary
Module 2 – Exploitation of Java Deserialization vulnerabilities
12 - Building a Gadget Chain
13 - LAB 2A
14 - Advanced Gadgets: Trampolines
15 - Case Study: JSF Viewstate
16 - LAB 2B
17 - Module 2 – Quiz
18 - Module 2 – Summary
19 - BONUS: The Commons Collections Gadget Chain Step-by-step
Module 3 – Expression Language
20 - What is Expression Language?
21 - Remote Code Execution via Expression Language
22 - Case Study: RichFaces
23 - LAB 3A
24 - EL Injection in Richfaces
25 - LAB 3B & 3C
26 - Module 3 – Quiz
27 - Module 3 – Summary
Module 4 – Stacktraces
28 - Reading Stack Traces
29 - LAB 4
30 - Module 4 – Quiz
Module 5 – Exploiting the JSF framework
31 - Apache MyFaces
32 - LAB 5.1
33 - Apache MyFaces Viewstate Encryption
34 - LAB 5.2
35 - Module 5 – Quiz
36 - Module 5 – Summary
Module 6.1 – JDWP
37 - Remote Code Execution with JDWP
38 - LAB 6.1A
39 - LAB 6.1B
40 - Discovering JDWP on the Network
41 - Module 6.1 – Quiz
Module 6.2 – JMX/RMI
42 - What is JMX/RMI?
43 - LAB 6.2A
44 - LAB 6.2B
45 - JMX/RMI Exploitation
46 - Authentication mechanisms
47 - Module 6.2 – Quiz