Include SecurityMar 13, 2024

We're still seeing a lot of Ruby code out there in the tech world. If we see it we hack it! Latest blog post on advanced deserialization gadget chains for exploitation of Ruby applications is up.

https://blog.includesecurity.com/2024/03/discovering-deserialization-gadget-chains-in-rubyland/

Discovering Deserialization Gadget Chains in Rubyland - Include Security Research Blog

If you have ever looked at the source code of a Ruby deserialization gadget chain, I bet you've thought "what sorcery is this"?

Include Security Research Blog
Show threadwrw

@IncludeSecurity

Oh, that's really going to save me some time. Thank you for publishing it.

Mar 13, 2024 at 7:03pmWeb