深度 - Java 反序列化 Payload 之 JRE8u20
https://paper.seebug.org/456/

LCTF 2017 未解之谜:树莓派 Writeup(内附全部 Wp 链接)
https://zhuanlan.zhihu.com/p/31256263

Padding Oracle Attack实例分析
http://blog.zhaojie.me/2010/10/padding-oracle-attack-in-detail.html

A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages
https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf