Day 73 comes with a write-up source on remote code execution in Citrix and deserialization learnings from PortSwigger.
Remote Code Execution in Citrix ADC
Learning Deserialization with PortSwigger Academy
From Sam (CoffeeJunkie). It’s been two weeks with few bugs and a couple of duplicates. The thought that my approach to a target might expand once I obtain more knowledge remains a good possibility. Therefore, looking at PortSwigger Academy, it looked like a good approach to learn from the basics to medium and some advanced matter. This week I spent some time completing Insecure deserialization, which provides an understandable explanation of deserialization attacks with hands-on practice in a couple of labs.
Takeaway from Insecure Deserialization from PortSwigger
First of all, deserialization being understood as some kind of complex vulnerability, PortSwigger makes it understandable and practical, even when it comes to reading source code; therefore, the following things are outstanding:
- Clear and simplified information.
- Harder challenges as the student understands the topic.
- Clear solutions and explanations.
- Usage of source code to explain vulnerabilities.
- Explanation of different tools and Burp plugins.
That’s it for today, ladies and gentlemen. Do not stop learning, and give PortSwigger Academy a shot.