Y4tacker / HackingFernFlower
2023白帽补天大会部分代码
☆119Updated 10 months ago
Related projects ⓘ
Alternatives and complementary repositories for HackingFernFlower
- JDBC Attack Tricks☆135Updated last year
- Java表达式语句生成器☆179Updated last year
- proof-of-concept for generating Java deserialization payload | Proxy MemShell☆176Updated 5 months ago
- A Java Route Collection Tool☆86Updated 3 months ago
- Some ReadObject Sink With JDBC☆192Updated 6 months ago
- 检测查杀java内存马☆74Updated 11 months ago
- ☆135Updated last year
- 这是一个用Go编写的红队内网环境中一个能快速开启HTTP文件浏览服务的小工具,能够执行shell命令,可以执行webshell☆70Updated last year
- 抽离出 utf-8-overlong-encoding 的序列化逻辑,实现 2 3 字节加密序列化数组☆110Updated 8 months ago
- 不那么一样的 Java Agent 内存马☆255Updated 11 months ago
- 当死去的记忆突然开始攻击我,我终于想起了我还写过一款十分十分垃圾的 rasp 靶场。☆78Updated 2 years ago
- 禅道研发项目管理系统`misc-captcha-user`认证绕过后台命令注入漏洞☆88Updated last year
- 内存马查杀工具,尤其针对Agent型,原理是dump出JVM当前的class并进行字节码分析,并加入自动修复的功能☆114Updated last year
- Apache Dubbo漏洞测试Demo及其POC☆61Updated last year
- A Go library for generating Java deserialization payloads.☆158Updated 2 months ago
- 基于 jdwp-shellifier 的进阶JDWP漏洞利用脚本(动态执行Java/Js代码并获得回显)☆232Updated last week
- evil-mysql-server is a malicious database written to target jdbc deserialization vulnerabilities and requires ysoserial.☆84Updated 2 years ago
- CVE-2022-25845(fastjson1.2.80) exploit in Spring Env!☆67Updated 2 weeks ago
- dubbo快速利用exp,基本上老版本覆盖100%。☆102Updated 10 months ago
- ☆20Updated last year
- 2023 各大 CTF 的比赛附件☆50Updated last year
- ☆53Updated 11 months ago
- 记录一些代码审计过的源码☆134Updated 3 months ago
- Lessons for syntaxflow zero to hero☆42Updated 2 months ago
- A heapdump leaks Shiro key causing RCE vulnerability environment.☆52Updated 6 months ago
- 是一些比赛中的好题,加上自己出的一些。。。☆44Updated 2 years ago
- 用java实现构造openwire协议,利用activeMQ < 5.18.3 RCE 回显利用 内存马注入☆259Updated last year
- 自己积累的一些Java反序列化利用链☆87Updated last year
- 基于污点分析和模拟栈帧技术的JSP Webshell检测☆44Updated last month