PHP deserialisation gadgets TL;DR: POP chains via __wakeup / __destruct / __toString in app classes and Composer packages. Stub — to be filled in. What it is TODO Preconditions / where it applies TODO Technique TODO Detection and defence TODO References TODO