
Deserialization — Python pickle

pickle.loads on attacker-controlled bytes: a class whose __reduce__ returns (os.system, ('cmd',)) is trivially enough for remote code execution (RCE).
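As an added example (not part of this library entry), a defensive loader built on the restricted-unpickler pattern from the Python documentation: find_class resolves only allowlisted globals, so a pickle whose __reduce__ names an arbitrary callable is refused instead of executed. SAFE_GLOBALS, RestrictedUnpickler and the Reducer test object are constructed for this illustration; the hostile payload points at os.getcwd as a harmless stand-in for os.system.

```python
import io
import os
import pickle
from collections import OrderedDict

# Globals the loader may resolve, as (module, qualname) pairs. Anything else,
# including the os.system global a malicious __reduce__ would emit, is refused.
# Assumed allowlist: extend it only with types the application actually needs.
SAFE_GLOBALS = {
    ("collections", "OrderedDict"),
    ("builtins", "set"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler whose find_class consults SAFE_GLOBALS instead of importing."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def restricted_loads(data: bytes):
    """Drop-in replacement for pickle.loads on untrusted bytes."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


class Reducer:
    """Constructed stand-in for the page's pattern: __reduce__ names a callable
    that is not on the allowlist (os.getcwd here, harmless, instead of os.system)."""

    def __reduce__(self):
        return (os.getcwd, ())


def demo():
    # Constructed payloads: one legitimate record, one with a hostile __reduce__.
    good = pickle.dumps(OrderedDict(user="alice", roles={"reader"}))
    bad = pickle.dumps(Reducer())
    expected = OrderedDict(user="alice", roles={"reader"})
    results = {"good_ok": restricted_loads(good) == expected}
    try:
        restricted_loads(bad)  # plain pickle.loads would call os.getcwd here
        results["bad_blocked"] = False
    except pickle.UnpicklingError:
        results["bad_blocked"] = True
    return results
```

An allowlist is defence in depth only; the stronger mitigation is to not unpickle untrusted input at all and use a data-only format such as JSON.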

§ Where this technique fits

W-DESER-PICKLE is catalogued under the Execution tactic of the offensive-security kill chain. It currently appears in 0 approved dossiers in the registry.