8/10
research
Researchers automated Java deserialization gadget chain discovery using LLM-driven analysis combined with static call graph analysis, discovering novel chains against WildFly and other application servers. The methodology uses WALA-based call graph construction, dynamic bytecode analysis for type confusion, and Claude Code to iteratively explore and validate gadget chains through a REST API query interface.
java-deserialization
gadget-chain
vulnerability-discovery
llm-automation
static-analysis
code-execution
ysoserial
wildfly
weblogic
jboss
websphere
jenkins
opennms
call-graph-analysis
bytecode-analysis
serializable
type-confusion
research
ysoserial
GadgetInspector
Claude Code
IBM Watson Libraries for Analysis (WALA)
CFR
Java ASM
FastAPI
SQLite
WildFly
WebLogic
WebSphere
JBoss
Jenkins
OpenNMS
Foxglove Security