Mobile Application Security Labs 
Serial Notes

The challenge revolves around a fictitious note-taking app called Serial Notes. Serial Notes is designed to support markdown editing and has its own file format to share the notes.


This challenge focuses on the deserialization vulnerabilities demonstrating how attackers can exploit it to run a command or code on the victim's device.


Craft a payload exploiting the deserialization vulnerability within the Serial Notes app to execute arbitrary command.

Skills Required
  • Deserialization Understanding: Familiarity with the concept and implications of deserialization vulnerabilities in application security.
  • Basic knowledge of any hex editor and reverse engineering tools is helpful but not needed.

Course Lessons