This is a comprehensive JNDI injection playbook that covers the full attack surface from Log4Shell to version-specific JDK bypasses. It walks through RMI and LDAP vectors, explains why LDAP works longer than RMI (8u191 vs 8u121), and details post-restriction bypasses via serialized gadgets and BeanFactory EL injection. The Log4j section is solid, with WAF evasion variants and real injection points across headers, parameters, and obscure fields. It includes marshalsec and ysoserial tooling commands you can actually run. The JDK version matrix and testing methodology are the kind of references you want open in a second terminal during an engagement. Treats JNDI as its own distinct problem rather than generic deserialization confusion.
npx skills add https://github.com/yaklang/hack-skills --skill jndi-injection