Introduction Java deserialization vulnerabilities were discovered and disclosed in January 2015 by Gabriel Lawrence and Chris Frohoff. These serious vulnerabilities arise from the way in which Java deserializes serialized objects (see…
Recently, we tested a Web application with NTLM authentication. The authentication works correctly with any browser, but failed when inserting Burp Suite in the middle (with NTLM suitably configured). Sniffing with…