> For the complete documentation index, see [llms.txt](https://ps.desdes.xyz/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://ps.desdes.xyz/insecure-deserialization.md).

# Insecure deserialization

- [Lab: Modifying serialized objects](https://ps.desdes.xyz/insecure-deserialization/lab-modifying-serialized-objects.md)
- [Lab: Modifying serialized data types](https://ps.desdes.xyz/insecure-deserialization/lab-modifying-serialized-data-types.md)
- [Lab: Using application functionality to exploit insecure deserialization](https://ps.desdes.xyz/insecure-deserialization/lab-using-application-functionality-to-exploit-insecure-deserialization.md)
- [Lab: Arbitrary object injection in PHP](https://ps.desdes.xyz/insecure-deserialization/lab-arbitrary-object-injection-in-php.md)
- [Lab: Exploiting Java deserialization with Apache Commons](https://ps.desdes.xyz/insecure-deserialization/lab-exploiting-java-deserialization-with-apache-commons.md)
- [Lab: Exploiting PHP deserialization with a pre-built gadget chain](https://ps.desdes.xyz/insecure-deserialization/lab-exploiting-php-deserialization-with-a-pre-built-gadget-chain.md)
- [Lab: Exploiting Ruby deserialization using a documented gadget chain](https://ps.desdes.xyz/insecure-deserialization/lab-exploiting-ruby-deserialization-using-a-documented-gadget-chain.md)
- [Lab: Developing a custom gadget chain for Java deserialization](https://ps.desdes.xyz/insecure-deserialization/lab-developing-a-custom-gadget-chain-for-java-deserialization.md)
- [Lab: Developing a custom gadget chain for PHP deserialization](https://ps.desdes.xyz/insecure-deserialization/lab-developing-a-custom-gadget-chain-for-php-deserialization.md)
- [Lab: Using PHAR deserialization to deploy a custom gadget chain](https://ps.desdes.xyz/insecure-deserialization/lab-using-phar-deserialization-to-deploy-a-custom-gadget-chain.md)
