Deprecated: Please visit https://github.com/github/codeql instead.
☆82Apr 8, 2022Updated 3 years ago
Alternatives and similar repositories for SecurityQueries
Users that are interested in SecurityQueries are comparing it to the libraries listed below
Sorting:
- This repo has been migrated to https://github.com/github/security-lab/tree/master/SecurityExploits☆253Nov 5, 2019Updated 6 years ago
- A Java serializer in JavaScript☆80May 21, 2018Updated 7 years ago
- Demonstrating why Dynamic Method Invocation with unrestricted method names (the old default of Struts) is dangerous.☆12Sep 30, 2018Updated 7 years ago
- keynote I gave at GreHack 2019☆19Nov 17, 2019Updated 6 years ago
- PoC Code for CVE-2018-16712 (exploit by MmMapIoSpace)☆25Dec 1, 2018Updated 7 years ago
- a kernel information leak on macOS<= 10.14.4☆10May 24, 2019Updated 6 years ago
- PoC Exploit for AOSP UserDictionary Content Provider (CVE-2018-9375)☆21Mar 2, 2019Updated 7 years ago
- A static byte code analyzer for Java deserialization gadget research☆251Apr 17, 2017Updated 8 years ago
- 一些Java RASP demo☆11Sep 26, 2019Updated 6 years ago
- Repository to hold materials for DefCon_RESTing presentation by Dinis, Abe and Alvaro☆53Aug 5, 2013Updated 12 years ago
- Collection of bypass gadgets to extend and wrap ysoserial payloads☆387Apr 16, 2022Updated 3 years ago
- Mogwai Java Management Extensions (JMX) Exploitation Toolkit☆174Jul 21, 2016Updated 9 years ago
- Vulnerability research on the CA UIM Nimbus protocol☆15Sep 28, 2020Updated 5 years ago
- Java RMI enumeration and attack tool.☆745Sep 28, 2017Updated 8 years ago
- The Outlook HTML Leak Test Project☆130May 12, 2018Updated 7 years ago
- ☆11Jan 6, 2020Updated 6 years ago
- ☆17Oct 25, 2018Updated 7 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆34Sep 19, 2016Updated 9 years ago
- 漏洞复现记录☆11Jun 18, 2019Updated 6 years ago
- Spring messaging STOMP protocol RCE☆113Apr 12, 2018Updated 7 years ago
- A byte code analyzer for finding deserialization gadget chains in Java applications☆1,080Jun 15, 2021Updated 4 years ago
- 2 web tasks from ZeroNights HackQuest 2016☆50Mar 24, 2017Updated 8 years ago
- ☆72Nov 20, 2017Updated 8 years ago
- Webkit JavascriptCore Array unshift function had a race condition, it leads to RCE.☆44Dec 5, 2023Updated 2 years ago
- bypass JEP290 RaspHook code☆63Sep 21, 2020Updated 5 years ago
- S2-057 poc test☆13Aug 31, 2018Updated 7 years ago
- Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans☆583Sep 7, 2021Updated 4 years ago
- XSS payloads for edge cases☆34Nov 13, 2018Updated 7 years ago
- Resources related to GitHub Security Lab☆1,589Dec 2, 2025Updated 3 months ago
- This is the Pwn2Own 2017 Safari backup vul's exploit.☆116Mar 25, 2019Updated 6 years ago
- Apache Solr Injection Research☆580Jan 28, 2020Updated 6 years ago
- Vulnerable webapp testbed☆24May 11, 2016Updated 9 years ago
- Java Message Exploitation Tool☆510Jul 6, 2022Updated 3 years ago
- CVE-2020-28243 Local Privledge Escalation Exploit in SaltStack Minion☆18Mar 3, 2021Updated 5 years ago
- Exploit for CVE-2018-4233, a WebKit JIT optimization bug used during Pwn2Own 2018☆180Feb 7, 2024Updated 2 years ago
- Some stuffs for CODE BLUE 2016☆23Oct 26, 2016Updated 9 years ago
- Exploit for the Post-Auth RCE vulnerability in Pulse Secure Connect☆133Feb 11, 2022Updated 4 years ago
- My solution for GitHub Security Lab CTF 4: CodeQL and Chill - The Java Edition☆19Jun 10, 2020Updated 5 years ago
- Encima De la Mosca HTTP proxy POC for infecting files on-the-fly and SSLstrip2☆41Sep 1, 2018Updated 7 years ago