site check

greyshell · greyshell · commit bca5dfc20c74 · 2024-09-28T01:30:09.000-07:00
diff --git a/.gitignore b/.gitignore
@@ -25,3 +25,5 @@ package-lock.json
 # Misc
 _sass/dist
 assets/js/dist
+
+.ruby-version
diff --git a/_config.yml b/_config.yml
@@ -9,37 +9,37 @@ theme: jekyll-theme-chirpy
 lang: en
 
 # Change to your timezone › https://kevinnovak.github.io/Time-Zone-Picker
-timezone:
+timezone: America/Los_Angeles
 
 # jekyll-seo-tag settings › https://github.com/jekyll/jekyll-seo-tag/blob/master/docs/usage.md
 # ↓ --------------------------
 
-title: Chirpy # the main title
+title: Greyshell's Diary # the main title
 
-tagline: A text-focused Jekyll theme # it will display as the subtitle
+tagline: Slip through the cracks # it will display as the subtitle
 
 description: >- # used by seo meta and the atom feed
   A minimal, responsive and feature-rich Jekyll theme for technical writing.
 
 # Fill in the protocol & hostname for your site.
 # E.g. 'https://username.github.io', note that it does not end with a '/'.
-url: ""
+url: "https://greyshell.github.io"
 
 github:
-  username: github_username # change to your GitHub username
+  username: greyshell # change to your GitHub username
 
 twitter:
   username: twitter_username # change to your Twitter username
 
 social:
   # Change to your full name.
   # It will be displayed as the default author of the posts and the copyright owner in the Footer
-  name: your_full_name
+  name: Abhijit Sinha
   email: example@domain.com # change to your email address
   links:
     # The first element serves as the copyright owner's link
-    - https://twitter.com/username # change to your Twitter homepage
-    - https://github.com/username # change to your GitHub homepage
+    - https://twitter.com/greyshell__ # change to your Twitter homepage
+    - https://github.com/greyshell # change to your GitHub homepage
     # Uncomment below to add more social links
     # - https://www.facebook.com/username
     # - https://www.linkedin.com/in/username
diff --git a/_posts/2019-11-22-insecure_deserialization_java.md b/_posts/2019-11-22-insecure_deserialization_java.md
@@ -0,0 +1,25 @@
+---
+title: "Insecure Deserialization in Java"
+date: 2019-11-22 22:17:55 -0800
+categories: [web_security]
+tags: [java, insecure_deserialization]     # TAG names should always be lowercase
+---
+
+I was always curious about how the actual remote code execution occurs during the Insecure Deserialization process. So I thought of giving a try to understand the known harmful `gadgets` from `commons-collections-3.2.2.jar` and develop the entire chain from scratch.
+
+<!-- more -->
+
+## Serialization
+
+The process of converting the `state` of object into stream of bytes is called `serialization`.
+
+The purpose of serialization is to save the object’s state to the file system or transmit it over the network for future use.
+
+### Serialization in Java
+
+> - `Serializable` is a `marker interface`.
+> - It has no `data member` and `method`.
+> - It is only used to `mark` java classes so that objects of these type of classes may get a certain `capability`.
+
+
+Create a `User` class and make it `serializable`.
