When you're staring at a `rememberMe` cookie that starts with `rO0AB` or a POST body with `O:8:"ClassName"`, this is the playbook you load. It walks through traffic fingerprinting for Java, PHP, and Python deserialization, then covers the actual exploit chains: ysoserial for Java gadgets (CommonsCollections, Spring, the whole roster), PHPGGC for PHP magic methods, Shiro rememberMe with hardcoded keys, WebLogic T3, and Phar wrapper tricks. The URLDNS probe for safe confirmation is smart. The gadget chain version matrix saves you from trial-and-error hell. It knows the JDK 8u191 cutoff where remote class loading dies and you pivot to serialized gadgets over LDAP. This is the difference between finding `readObject()` and actually popping a shell.
```
npx skills add https://github.com/yaklang/hack-skills --skill deserialization-insecure
```
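The traffic fingerprints mentioned above can also drive detection. The following is an added example, not code from the skill or its repository: it flags request fields carrying Java, PHP, or Python serialized objects, including base64, hex, and URL-encoded forms. The function names, labels, and sample fields are hypothetical, and the pickle signature (PROTO opcode `0x80` plus a trailing STOP `.`) comes from the pickle format rather than from this page.

```python
import base64
import binascii
import pickle
import re
from urllib.parse import unquote_to_bytes

JAVA_MAGIC = b"\xac\xed\x00\x05"   # stream magic 0xACED + version 5; base64 form starts "rO0AB"
PHP_OBJECT = re.compile(rb'O:\d+:"[^"]+":\d+:\{')   # e.g. O:8:"ClassName":1:{
PICKLE_HEAD = re.compile(rb"\x80[\x02-\x05]")       # PROTO opcode + protocol 2..5
B64_URLSAFE = bytes.maketrans(b"-_", b"+/")

def _decodings(value):
    """Yield the URL-decoded bytes plus any strict base64 or hex decoding of them."""
    raw = unquote_to_bytes(value).strip()
    yield raw
    padded = raw.translate(B64_URLSAFE) + b"=" * (-len(raw) % 4)
    for decode in (lambda: base64.b64decode(padded, validate=True),
                   lambda: binascii.unhexlify(raw)):
        try:
            yield decode()
        except ValueError:   # binascii.Error is a ValueError: not that encoding
            continue

def classify(value):
    """Return sorted labels for serialized-object formats found in one field value."""
    hits = set()
    for blob in _decodings(value):
        if blob.startswith(JAVA_MAGIC):
            hits.add("java-serialized")
        if PHP_OBJECT.search(blob):
            hits.add("php-serialized-object")
        if PICKLE_HEAD.match(blob) and blob.endswith(b"."):   # pickles end with STOP
            hits.add("python-pickle")
    return sorted(hits)

def scan_request(fields):
    """Map each flagged field name to its labels; clean fields are omitted."""
    return {name: labels for name, value in fields.items() if (labels := classify(value))}

# Constructed sample request fields (benign payloads, built here for the demo).
SAMPLE = {
    "rememberMe": base64.b64encode(JAVA_MAGIC + b"sr\x00\x11java.util.HashMap").decode(),
    "profile": 'O:8:"ClassName":1:{s:4:"name";s:5:"alice";}',
    "state": base64.urlsafe_b64encode(pickle.dumps({"theme": "dark"}, protocol=4)).decode(),
    "JSESSIONID": "node01-7f3k2m9q",
}

if __name__ == "__main__":
    print(scan_request(SAMPLE))
```

A hit only says that a field carries a serialized object; whether the application deserializes it from untrusted input still has to be confirmed in the code path that reads the field.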