# Insecure deserialization

- [Lab: Modifying serialized objects](/insecure-deserialization/lab-modifying-serialized-objects.md)
- [Lab: Modifying serialized data types](/insecure-deserialization/lab-modifying-serialized-data-types.md)
- [Lab: Using application functionality to exploit insecure deserialization](/insecure-deserialization/lab-using-application-functionality-to-exploit-insecure-deserialization.md)
- [Lab: Arbitrary object injection in PHP](/insecure-deserialization/lab-arbitrary-object-injection-in-php.md)
- [Lab: Exploiting Java deserialization with Apache Commons](/insecure-deserialization/lab-exploiting-java-deserialization-with-apache-commons.md)
- [Lab: Exploiting PHP deserialization with a pre-built gadget chain](/insecure-deserialization/lab-exploiting-php-deserialization-with-a-pre-built-gadget-chain.md)
- [Lab: Exploiting Ruby deserialization using a documented gadget chain](/insecure-deserialization/lab-exploiting-ruby-deserialization-using-a-documented-gadget-chain.md)
- [Lab: Developing a custom gadget chain for Java deserialization](/insecure-deserialization/lab-developing-a-custom-gadget-chain-for-java-deserialization.md)
- [Lab: Developing a custom gadget chain for PHP deserialization](/insecure-deserialization/lab-developing-a-custom-gadget-chain-for-php-deserialization.md)
- [Lab: Using PHAR deserialization to deploy a custom gadget chain](/insecure-deserialization/lab-using-phar-deserialization-to-deploy-a-custom-gadget-chain.md)