We show you how to build a demo and exploit Java deserialization, using DNS to exfiltrate data and command results from network-isolated components.
A copy of the contents is here, which skips the contact form: http://www.slideshare.net/TravisBiehn/cigitalexploitingjava
Grab a copy: https://www.cigital.com/resources/ebooks-and-whitepapers/java-deserialization-vulnerability/