NotSoCereal-Lab: A Deserialization exploit playground

Deserialization issues are the newest trend in Information Security. They rose to fame with the infamous Java deserialization bugs, however, the issues are not just limited to one language. Serialization and Deserialization are common actions and are performed by almost all modern languages.

As big of a news as these issues are, there is a serious lack of playgrounds for honing your skill in such topics. This is where NotSoCereal comes into picture.

NotSoCereal is an exploitation playground for Deserialization issues and at this point it contains issues in Java, PHP, and Python. We are working on bringing more languages to the fold.

Deployment

• Download Virtual Machine
  • SHA256: 815B8A014F999465E790F242A786D7FC19E48B0C7826A6462A8FA562FDAFD549
• Deployment Guide

Answersheet

• Java Deserialization
• PHP Deserialization
• Python Deserialization
• Node Deserialization

Contributors

• Author

  • Sanjay Gondaliya

• Contributor

  • Rohit Salecha
  • Savan Gadhiya
  • Vivek Mahajan
  • Abeer Banerjee
  • Anant Shrivastava