Discovering Deserialization Gadget Chains in Rubyland

Hello everyone! This month we have published a post focusing on providing example guidance for building custom gadget chains in Ruby to exploit vulnerable deserialization functions. Finding ways to pass user input into deserialization functions is always exciting, but what do you do if publicly documented gadget chains can't be used as a vehicle for exploitation? That's where our article comes in to shed some light on how the reader can build their own!

submitted by /u/IncludeSec

from hacking: security in practice https://ift.tt/XMr3YIP
