X1r0z / hacking-espresso
Hacking GraalVM Espresso - Abusing Continuation API to Make ROP-like Attack
☆36 · Aug 27, 2025 · Updated 5 months ago
Alternatives and similar repositories for hacking-espresso
Users that are interested in hacking-espresso are comparing it to the libraries listed below
- Build a CodeQL database of the JDK source code with one click using Docker, making it easy to search for data in the JDK with CodeQL. ☆27 · May 14, 2025 · Updated 9 months ago
- A benchmark for Java gadget chain detecting algorithms. ☆15 · Jun 20, 2025 · Updated 7 months ago
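- An IDEA plugin: a tool plugin that collects all jar dependencies in a project with one click. It traverses the project directory to collect all jar files, copies them to the all-in-one folder, and automatically adds them as a project library. ☆50 · Oct 30, 2025 · Updated 3 months ago
- Java Chains plugin development demo ☆14 · Mar 5, 2025 · Updated 11 months ago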
- Industrial Cybersecurity Conference Index ☆13 · Mar 11, 2024 · Updated last year
- IDEA plugin that quickly generates methods commonly used in deserialization, such as setFieldValue and createTemplatesImpl ☆29 · Oct 2, 2024 · Updated last year
- A vul-finder for loading CPG and automated finding vul-call-chains ☆71 · Jul 22, 2025 · Updated 6 months ago
- Java bytecode line number restoration tool ☆134 · Aug 31, 2025 · Updated 5 months ago
- Some notes taken during the learning process ☆23 · Oct 5, 2025 · Updated 4 months ago
- JavaRce complements project - use RASP to prevent vulnerabilities ☆24 · Apr 22, 2024 · Updated last year
- ☆18 · Dec 25, 2024 · Updated last year
- JavaSec ☆43 · Mar 18, 2024 · Updated last year
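- A multithreaded batch Java decompilation tool based on the Vineflower engine, supporting fast processing of large numbers of class files and JAR files. ☆58 · Apr 28, 2025 · Updated 9 months ago
- Want to breed aliens? Dig up and build your own Java memory shell! ☆14 · May 22, 2025 · Updated 8 months ago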
- CVE-2024-37081: Multiple Local Privilege Escalation in VMware vCenter Server ☆10 · Jul 6, 2024 · Updated last year
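- Written in passing earlier to make my own research into RASP principles and bypasses easier; used to quickly start and reset a RASP environment ☆71 · Oct 13, 2024 · Updated last year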
- nativeRasp that can hook native methods ☆24 · Apr 24, 2023 · Updated 2 years ago
- The next-generation AI Agent framework driven by Intent Engineering. Move beyond turn-based Function Calling to embrace code-level intent… ☆64 · Jan 11, 2026 · Updated last month
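- Research summary project for 《深入JDBC安全:特殊URL构造与不出网反序列化利用技术揭秘》 "Deep Dive into JDBC Security: Special URL Construction and Non-Networked Deserialization Explo… ☆569 · Updated this week
- Environment for quickly starting tabby to analyze vulnerabilities or gadgets ☆95 · Jul 14, 2025 · Updated 7 months ago
- Transforms fully qualified class names in existing JAR packages based on multiple strategies, generating an unlimited number of highly similar fake class names ☆18 · Jul 30, 2025 · Updated 6 months ago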
- The source code of [S&P'25] Detecting Taint-Style Vulnerabilities in Microservice-Structured Web Applications. ☆60 · Nov 20, 2025 · Updated 2 months ago
- NodeJS File Write to RCE on a read-only filesystem using a ROP chain in libuv ☆37 · Oct 13, 2024 · Updated last year
- Holistic Concolic Execution for Dynamic Web Applications via Symbolic Interpreter Analysis (IEEE S&P 2024) ☆13 · Oct 3, 2024 · Updated last year
- PWNable pyjail ☆14 · Jan 13, 2025 · Updated last year
- Artifact for ICSE 2023 ☆50 · Sep 24, 2022 · Updated 3 years ago
- [ALL IN ONE] Everything that I shared to public about Cloud Security is here. ☆61 · Apr 19, 2025 · Updated 9 months ago
- ☆206 · Oct 27, 2025 · Updated 3 months ago
- ☆16 · Apr 7, 2023 · Updated 2 years ago
- Hessian UTF-8 Overlong Encoding ☆21 · Mar 9, 2024 · Updated last year
- A powerful JNDI injection exploitation framework that supports RMI, LDAP and LDAPS protocols, including various bypass methods for high-v… ☆565 · Feb 4, 2026 · Updated last week
- CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server PoC ☆25 · Jan 23, 2024 · Updated 2 years ago
- proof-of-concept for generating Java deserialization payload | Proxy MemShell ☆221 · Jun 8, 2024 · Updated last year
- c3p0 new gadget ☆28 · Apr 1, 2025 · Updated 10 months ago
- No One (无名): Next Generation Polyglot Website Manager ☆72 · Updated this week
- Emulate Drivers in RING3 with self context mapping or unicorn ☆21 · Jan 1, 2025 · Updated last year
- A containerized Model Context Protocol (MCP) server providing static code analysis using Joern's Code Property Graph (CPG) with support f… ☆41 · Feb 6, 2026 · Updated last week
- NCTF 2023 challenges and writeups ☆15 · Dec 30, 2023 · Updated 2 years ago
- Dump LSASS by spoofing command line arguments to procdump. ☆20 · Oct 21, 2024 · Updated last year