I have been reading about the Java deserialization vulnerability which leads to Remote Code Execution attack. Many public exploits are even available to do the attack.
I didn't find any tutorial describing on how does an attacker exploit the vulnerability. If I make a deserialization program, then how can I exploit it to perform RCE?