exploiting-insecure-deserialization
Audited by Socket on Mar 15, 2026
3 alerts found:
Security Anomaly, Obfuscated File: High-risk offensive security skill. Its stated purpose matches its capabilities, but those capabilities are explicitly to achieve RCE, trigger outbound callbacks, and validate impact on target systems. The main concern is not hidden malware but that this skill equips an AI agent with exploitation procedures, third-party exploit tooling, and exfiltration-style OAST flows that can be misused against real systems.
This module is a security testing tool that both detects serialized blobs and contains active exploit probes intended to confirm insecure deserialization (including a Python pickle that triggers os.system('nslookup ...') on the remote host if unpickled). It is dual-use: useful for defenders and auditors, but potentially dangerous if run against systems without authorization. Key risks: active remote code execution payloads, disabled TLS verification, and lack of safeguards. No evidence of self-contained malware or obfuscated backdoors, but the active probe functions are explicit attack vectors and should only be used with permission.
This agent is a dual-use insecure deserialization detection tool that combines safe passive detection with high-impact active tests that create attacker-observable OOB callbacks. The code fragment description does not show hidden obfuscation or local credential theft, but includes intentionally malicious payload generation for detection which can be abused. Use only with explicit permission, restrict callback hosts and target scope, and add operational controls (authorization checks, logging, rate limits, passive-only mode) to reduce misuse risk.