Ysoserial

Ysoserial is a cyberattack tool for exploiting Java deserialization vulnerabilities. Ysoserial includes a collection of utilities and property-oriented programming “gadget chains” discovered in standard java and .NET libraries that can, under the right conditions, exploit Java and .NET applications performing unsafe deserialization of objects. Ysoserial’s modules are referred to as payloads. Each payload generates a serialized object which once instantiated, invokes some kind of action. Serialization (and the reverse process — deserialization) is a feature of many programming languages that enables developers to convert objects to a unique, binary form for transportation and storage.

Want to learn more? Check out our FREE Bugcrowd University to sharpen your hacking skills.

Organizations the world over need your help! Join our researcher community to connect with hundreds of organization programs focused on finding their security vulnerabilities. Our vast directory includes programs for all skill levels, across many industries and from around the world.