1nhann / java_ser_format
Just mindmapping according to official document ( useful for further study )
☆26Updated 2 years ago
Alternatives and similar repositories for java_ser_format:
Users that are interested in java_ser_format are comparing it to the libraries listed below
- A IntelliJ Plugin for Tabby to Find Vulnerabilities Easily☆32Updated 3 months ago
- 在spring-aop中新发现的反序列化gadget-chain☆43Updated last month
- My security presentations☆28Updated last year
- 编译原理学习代码仓库☆23Updated 3 years ago
- [fastjson 1.2.80] CVE-2022-25845 aspectj fileread & groovy remote classload☆91Updated 2 years ago
- Automatically scan jar packages by using ast to find fastjson gadgets. In particular, this project is limited to mining Gadgets that may …☆50Updated 2 years ago
- Learning JAVA for Security☆31Updated 2 years ago
- cve-2022-34169 延伸出的Jdk Xalan的payload自动生成工具,可根据不同的Jdk生成出其所对应的xslt文件☆89Updated 2 years ago
- ☆28Updated last year
- java☆54Updated 2 years ago
- CVE-2021-43297 POC,Apache Dubbo<= 2.7.13时可以实现RCE☆38Updated 3 years ago
- 之前方便自己研究RASP原理和绕过时顺手写的,用于快速启动和重置RASP环境☆55Updated 4 months ago
- Hessian UTF-8 Overlong Encoding☆16Updated 11 months ago
- CVE-2020-4464 / CVE-2020-4450☆32Updated 3 years ago
- A vul-finder for loading CPG and automated finding vul-call-chains☆37Updated 4 months ago
- Tomcat的SPI后门☆8Updated last year
- ☆33Updated 2 years ago
- nativeRasp that can hook native methods☆24Updated last year
- Java 内存马生成插件☆50Updated last year
- The function of the tool is to inject JNDI through LDAP☆28Updated 3 years ago
- Netty/WebFlux 内存马☆24Updated last year
- Spring Cloud Netflix Hystrix Dashboard template resolution vulnerability CVE-2021-22053☆37Updated 2 years ago
- Show the application of fuzzy in penetration test~☆13Updated 2 years ago
- ☆17Updated last month
- 如何将Java反序列化Payload极致缩小☆48Updated 3 years ago
- 利用wasm静态免杀的demo☆16Updated 10 months ago
- ☆24Updated last month
- Spel-research☆26Updated 2 years ago
- 多组件客户端☆74Updated 5 months ago
- Thymeleaf SSTI Bypass☆11Updated 3 years ago