KTH-LangSec / SerialDetectorLinks
A proof-of-concept tool for detection and exploitation Object Injection Vulnerabilities in .NET applications
☆63Updated 4 years ago
Alternatives and similar repositories for SerialDetector
Users that are interested in SerialDetector are comparing it to the libraries listed below
Sorting:
- ☆15Updated 3 years ago
- ☆34Updated 3 years ago
- GreHack 2021 CodeQL for Java workshop☆75Updated 3 years ago
- tetctf2020_amf_writeups☆23Updated 4 years ago
- A variant analysis and visualisation tool that scans codebases for similar vulnerabilities☆73Updated 3 years ago
- ☆78Updated 4 years ago
- Compiled dataset of Java deserialization CVEs☆61Updated 4 years ago
- My CodeQL queries collection☆97Updated last year
- XSS payloads for edge cases☆34Updated 6 years ago
- ☆35Updated 2 years ago
- Additional materials for RootedCON 2015 Apache Struts talk☆30Updated 10 years ago
- Several XStream gadgets ported from ysoserial☆33Updated 3 years ago
- Some PoC (Proof-of-Concept) about vulnerability of java deserialization of untrusted data☆26Updated 3 years ago
- Custom / Experimental CodeQL queries☆37Updated 3 years ago
- ZAP/Burp plugin that generate script to reproduce a specific HTTP request (Intended for fuzzing or scripted attacks)☆30Updated 3 years ago
- X41 BeanStack - Stack Trace Fingerprinting BETA☆52Updated 4 years ago
- Dependencies with Log4j2 Checklist☆35Updated 3 years ago
- A web server designed to shut off on command to exploit DNS rebinding in Chromium-based browsers☆12Updated 2 years ago
- Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"☆100Updated 5 years ago
- POC for leaking java version through file and ftp protocols☆24Updated 4 years ago
- Some private tools i decided to release for public.☆49Updated last year
- ☆32Updated 5 years ago
- D-Link DIR-859 - RCE UnAutenticated (CVE-2019–17621)☆48Updated 5 years ago
- ☆34Updated 5 years ago
- This repo contains the lazyFuzzer and the Report on the output from the same☆17Updated 5 years ago
- Jira未授权SSRF漏洞☆31Updated 5 years ago
- None of the exploit code or research is my own but all available in public domain☆28Updated 6 years ago
- ☆29Updated 4 years ago
- A fast generative fuzzer for HTTP☆17Updated 6 years ago
- CVE-2020-35728 & Jackson-databind RCE☆43Updated 4 years ago