A look into how I discovered an RCE in TensorFlow/Keras caused by unsafe YAML deserialization, how it worked, and what I learned from it.

I often forget how to do this. So I’m posting it here so that I can come back when I need it (content poverty laughs from the corner).

Prerequisites:

1. Android Studio (or just the SDK tools if you’re a nerd)
2. Android Virtual Device (I don’t like Genymotion)
3. Python
4. Conda or any other environment manager (optional but recommended)

If the SDK binaries are not in your PATH environment variable, paste the following in your .bashrc or equivalent.

Introduction to Networks

First lesson. Foundation stuff. Network devices, clients, servers. Basic but important.

What Is a Network?

Devices (nodes) that can talk to each other and share stuff. That’s it.

Common network devices:

• Router
• Switch
• Firewall
• Server
• Client (End Host)

Clients and Servers

Client - asks for stuff. Your phone opening YouTube = client.

Server - gives you stuff. YouTube’s servers = server.

A device can be both. PC1 asks PC2 for a file → PC1 is client, PC2 is server. Roles flip depending on who’s asking.

I’m preparing for CCNA as part of switching role from software engineering to security. The resources I use for learning are:

1. Jeremy’s IT Lab
2. Anki Flashcards

The plan is simple. I watch Jeremy’s videos and summarize it using AI and post it here. This will be helpful for me if I need a quick refresh (an obvious lie, my memory is just too bad) of the stuff I learned.