SYSTEM NOMINAL ◆ DEFCON 32 RECAP OUT NOW ◆ NEW BOUNTY WRITEUP: $50K SSRF ◆ ZERO STATE PROTOCOL ACTIVATED ◆ NO SAFE HARBOR ◆ SYSTEM NOMINAL ◆ DEFCON 32 RECAP OUT NOW ◆ NEW BOUNTY WRITEUP: $50K SSRF ◆ ZERO STATE PROTOCOL ACTIVATED ◆ NO SAFE HARBOR ◆

CRITICAL

Chaining SSRF + Deserialization for $50,000: A Cloud Provider's Worst Nightmare

12/15/2024

$50,000

HackerOne — Major Cloud Provider

#ssrf#deserialization#java#rce#cloud

This is a sample writeup detailing how I chained SSRF with insecure deserialization…

[← BACK]