Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Analysis of Apache Struts RCE - 66

McAfee Posted 6 Years Ago
  • This article has a great description of the Apache Struts RCE that took over Equifax. McAfee does great research and work! :)
  • Essentially, there is an issue with the parsing engine that deserializes objects.
  • Anytime there is serialization or deserialization within a program, it is likely to be riddled with bugs. Always attack the serialization. It may take time and a deep understanding of the system, but it is worthwhile!