Check out this excellent writeup on an Apache OFBiz deserialization vuln from my coworker Dusan (I just reviewed the writeup):

This is essentially what one of the core parts of our N-day research reports looks like.

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.