Since 2015, when Java deserialization emerged as a major threat, many patches and improvements have been introduced. How should you approach testing for Java deserialization to get the best results? How do you use ysoserial properly? The article below walks through it.

The article is based on talks I gave recently at Polish conferences: OhMyHack, The Hack Summit, and also the OWASP Poland online meetup.

No new technique is presented here; rather, I summarize the current state of the art. In addition, I read through ysoserial’s source code to see how each payload is meant to work, which…


