This course details the exploitation of a Spring application that uses serialised Java objects. When a Java application deserialises arbitrary data, an attacker can trigger unexpected behaviour in the application and even gain command execution.

Links:
https://fr.slideshare.net/codewhitesec/exploiting-deserialization-vulnerabilities-in-java-54707478
http://blog.securelayer7.net/thick-client-penetration-testing-3javadeserialization-exploit-rce/
https://github.com/frohoff/ysoserial