java xxe defense demo
☆49Jul 18, 2019Updated 6 years ago
Alternatives and similar repositories for java-xxe-defense-demo
Users that are interested in java-xxe-defense-demo are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- 总结了一下2019年在JVM环境中使用XXE攻击的知识☆58Oct 31, 2019Updated 6 years ago
- 利用agent hock指定的class,在jar运行周期内,用于跟踪被执行的方法,辅助做一些事情,比如挖洞啊☆125Jul 17, 2020Updated 5 years ago
- MySQL JDBC Deserialization Payload / MySQL客户端jdbc反序列化漏洞payload☆13Feb 8, 2020Updated 6 years ago
- ☆28Jul 18, 2020Updated 5 years ago
- ☆17Apr 17, 2021Updated 4 years ago
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- Spring Boot Actuator + Spring Cloud Vul Env☆19Dec 25, 2019Updated 6 years ago
- 安全升级jar包时,辅助检测Java Archive (JAR) 包之间兼容性,各类符号引用的存在检测,包括方法、方法签名、字段定义和引用、类引用等等☆14Jul 7, 2024Updated last year
- ☆835Jun 7, 2022Updated 3 years ago
- A Java runtime information-gathering tool which uses the Java Attach API for information acquisition☆204Apr 26, 2021Updated 4 years ago
- ☆131Jun 17, 2022Updated 3 years ago
- bypassD盾、安全狗、云锁☆107Mar 31, 2021Updated 4 years ago
- JRE8u20_RCE_Gadget☆255Jul 1, 2016Updated 9 years ago
- attackRmi☆258Oct 14, 2020Updated 5 years ago
- 参赛所用的sshop平台☆11Jun 26, 2018Updated 7 years ago
- NordVPN Special Discount Offer • AdSave on top-rated NordVPN 1 or 2-year plans with secure browsing, privacy protection, and support for for all major platforms.
- CVE-2019-14540 Exploit☆21Aug 21, 2019Updated 6 years ago
- Java RCE 回显测试代码☆1,015Oct 15, 2020Updated 5 years ago
- A fake JDBC driver that allows OS command execution.☆125Oct 2, 2022Updated 3 years ago
- A byte code analyzer for finding deserialization gadget chains in Java applications☆1,080Jun 15, 2021Updated 4 years ago
- Detect webshells.☆11Aug 14, 2020Updated 5 years ago
- Writeup and environment for XCTF2021Final-Dubbo☆44May 31, 2021Updated 4 years ago
- Native Java serialization filter blacklist for common gadgets☆20Sep 12, 2019Updated 6 years ago
- 蜜罐检测工具,支持自动化URL去重、多线程控制及智能速率限制。可识别伪装服务。☆16Jun 5, 2025Updated 9 months ago
- Apache Superset Auth Bypass (CVE-2023-27524)☆11May 9, 2023Updated 2 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- CTF stuff☆40Dec 5, 2022Updated 3 years ago
- 超硬核!使用图数据技术发现软件漏洞☆185Sep 1, 2021Updated 4 years ago
- ysoserial for 1nhann☆11Sep 26, 2022Updated 3 years ago
- Analysis Financial Attacker Groups, 金融行业攻击者团伙研究☆23Jun 24, 2021Updated 4 years ago
- javaGGC for generate commons.collections gadget chain☆12Nov 10, 2021Updated 4 years ago
- fastjson remote code execute poc 直接用intellij IDEA打开即可 首先编译得到Test.class,然后运行Poc.java☆403Dec 16, 2022Updated 3 years ago
- bypass JEP290 RaspHook code☆63Sep 21, 2020Updated 5 years ago
- Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"☆101Sep 20, 2019Updated 6 years ago
- ☆153Jun 24, 2019Updated 6 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- gosec动态规则修改版☆12Jun 29, 2021Updated 4 years ago
- 2 web tasks from ZeroNights HackQuest 2016☆50Mar 24, 2017Updated 9 years ago
- ☆12Jan 13, 2018Updated 8 years ago
- 一些Java RASP demo☆11Sep 26, 2019Updated 6 years ago
- GitHub Satellite 2020 workshops on finding security vulnerabilities with CodeQL for Java/JavaScript.☆210Sep 27, 2024Updated last year
- 从入门到放弃的产物,学习过程中用python实现的一个单点c2基本功能☆11Mar 11, 2020Updated 6 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.优化了一些东西。☆214Jan 17, 2022Updated 4 years ago