高版本Fastjson在Java原生反序列化中的利用演示
☆26Jan 12, 2025Updated last year
Alternatives and similar repositories for FastjsonInDeserializationDemo1
Users that are interested in FastjsonInDeserializationDemo1 are comparing it to the libraries listed below
Sorting:
- 使用 Docker 一键构建 JDK 源码的 CodeQL 数据库,方便使用 CodeQL 查找 JDK 中的数据。☆27May 14, 2025Updated 10 months ago
- 在spring-aop中新发现的反序列化gadget-chain☆52Jan 12, 2025Updated last year
- 基于多种策略, 对已有 JAR 包中的全限定类名进行变换, 无限生成高度相似的虚假类名☆18Jul 30, 2025Updated 7 months ago
- ctf awd比赛快速hook java题,提供一键流量转发,无痛修复☆56Mar 17, 2025Updated last year
- ☆79Nov 22, 2024Updated last year
- Attack Active Directory Trusts with a single tool☆14Jan 15, 2025Updated last year
- idea插件,快速生成反序列化中常用的方法,比如setFieldValue、createTemplatesImpl等☆29Oct 2, 2024Updated last year
- ☆22Feb 21, 2025Updated last year
- Extract entire function source code based on giving line number using Javaparser☆21Jul 15, 2025Updated 8 months ago
- 抽离出 utf-8-overlong-encoding 的序列化逻辑,实现 2 3 字节加密序列化数组☆140Mar 11, 2024Updated 2 years ago
- A vul-finder for loading CPG and automated finding vul-call-chains☆72Jul 22, 2025Updated 7 months ago
- ☆206Oct 27, 2025Updated 4 months ago
- Get sql server connection configuration information☆28Aug 26, 2024Updated last year
- 2025最新开发的ShellcodeLoader框架,用于AV检测策略分析的模块化 Shellcode 加载器框架,具备非常强大的静态混淆功能。☆25Jul 7, 2025Updated 8 months ago
- 用于快速启动tabby 分析漏洞或者gadget的环境☆94Jul 14, 2025Updated 8 months ago
- A C#-implemented malware that dynamically modifies its own hash upon each execution to evade detection.☆17Feb 3, 2025Updated last year
- A lightweight port-forwarding and socks proxy tool written in Rust 🦀☆52Jan 13, 2026Updated 2 months ago
- [ALL IN ONE] Everything that I shared to public about Cloud Security is here.☆61Apr 19, 2025Updated 11 months ago
- tsh多终端代理通信☆19Feb 26, 2025Updated last year
- generate facts from bytecode (source is https://github.com/plast-lab/doop-mirror/tree/master/generators)☆23Nov 24, 2024Updated last year
- Stack integrity verification to Detect SleepMask or CallStack Spoofer☆53Jul 13, 2025Updated 8 months ago
- y4er的ysoserial修改版,加入mysql不出网pipe文件生成☆25Mar 8, 2026Updated last week
- 之前方便自己研究RASP原理和绕过时顺手写的,用于快速启动和重置RASP环境☆71Oct 13, 2024Updated last year
- Hacking GraalVM Espresso - Abusing Continuation API to Make ROP-like Attack☆36Aug 27, 2025Updated 6 months ago
- 不那么一样的 Java Agent 内存马☆289Nov 27, 2023Updated 2 years ago
- 专为取证比赛设计的Android-Data数据库分析工具;快速解析手机镜像数据库文件,精准提取证据☆37Nov 5, 2025Updated 4 months ago
- 一个基于 Vineflower 引擎的多线程 Java 批量反编译工具,支持快速处理大量的 class 文件和 JAR 文件。☆58Apr 28, 2025Updated 10 months ago
- The next-generation AI Agent framework driven by Intent Engineering. Move beyond turn-based Function Calling to embrace code-level intent…☆75Jan 11, 2026Updated 2 months ago
- 内存加载FRP☆10Sep 11, 2023Updated 2 years ago
- ☆50Jun 4, 2025Updated 9 months ago
- 《深入JDBC安全:特殊URL构造与不出网反序列化利用技术揭秘》对应研究总结项目 "Deep Dive into JDBC Security: Special URL Construction and Non-Networked Deserialization Explo…☆572Feb 7, 2026Updated last month
- GodInfo 是一个功能全面的后渗透信息和凭据收集工具,旨在帮助安全测试人员在获得授权访问权限后,快速收集目标系统的信息和凭据。☆245Apr 29, 2025Updated 10 months ago
- YASA-UAST is an intermediate representation structure for multi-language program analysis. The UAST-Parser parses code from different pro…☆74Updated this week
- A work in progress of constructing a minimal http(s) beacon for Cobalt Strike.☆27Apr 28, 2022Updated 3 years ago
- ☆28Aug 12, 2023Updated 2 years ago
- 这是一个用Go编写的红队内网环境中一个能快速开启HTTP文件浏览服务的小工具,能够执行shell命令,可以执行webshell☆78May 7, 2023Updated 2 years ago
- The source code of [S&P'25] Detecting Taint-Style Vulnerabilities in Microservice-Structured Web Applications.☆66Nov 20, 2025Updated 4 months ago
- 构造字节在ASCII范围内的jar☆139Feb 14, 2022Updated 4 years ago
- NTLM/Negotiate authentication over HTTP that supports Pass The Hash Mode (PtH)☆17Sep 13, 2024Updated last year