Include Security

We're still seeing a lot of Ruby code out there in the tech world. If we see it we hack it! Latest blog post on advanced deserialization gadget chains for exploitation of Ruby applications is up.

https://blog.includesecurity.com/2024/03/discovering-deserialization-gadget-chains-in-rubyland/

Discovering Deserialization Gadget Chains in Rubyland - Include Security Research Blog

If you have ever looked at the source code of a Ruby deserialization gadget chain, I bet you've thought "what sorcery is this"?

Include Security Research Blog
Mar 13, 2024 at 6:53pmWeb
Show threadwrwMar 13, 2024

@IncludeSecurity

Oh, that's really going to save me some time. Thank you for publishing it.