from Hacker News

We show you how to build a demo and exploit Java Deserialization, using DNS to exfiltrate data and command results from network isolated components.

Copy of the contents here, skip the contact form: http://www.slideshare.net/TravisBiehn/cigitalexploitingjava

Grab a copy: https://www.cigital.com/resources/ebooks-and-whitepapers/java-deserialization-vulnerability/