Web Exploitation Insecure Deserialization: Exploiting PHP and Java Object Injection
How PHP unserialize and Java deserialization lead to RCE via magic methods and gadget chains, plus blue-team defenses.
Security Engineer's blog on Active Directory, Malware Analysis, and Offensive Security.
