fergarrui / custom-bytecode-analyzer

Related projects ⓘ

Alternatives and complementary repositories for custom-bytecode-analyzer

• Contrast-Security-OSS / joogle
  A static analysis API for finding deserialization attack gadgets
  ☆38Updated 2 years ago
• shawnmckinney / remote-code-execution-sample
  Demonstrate how usage of the Java Security Manager can prevent Remote Code Execution (RCE) exploits.
  ☆25Updated 11 months ago
• frohoff / inspector-gadget
  Primitive tool for exploring/querying Java classes via the Tinkerpop Gremlin graph traversal language
  ☆104Updated 8 years ago
• mbechler / serjs
  A Java serializer in JavaScript
  ☆82Updated 6 years ago
• immunio / apache-struts2-CVE-2017-5638
  Demo Application and Exploit
  ☆35Updated 7 years ago
• breenmachine / JavaUnserializeExploits
  ☆133Updated 9 years ago
• victims / maven-security-versions
  Identify vulnerable libraries in Maven dependencies
  ☆45Updated last year
• faketime-java / faketime
  Fake currentTimeMillis() without class loader hacks
  ☆114Updated 3 years ago
• yocontra / JMD
  Java bytecode analysis/deobfuscation tool
  ☆199Updated 6 years ago
• irsl / jackson-rce-via-spel
  An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions
  ☆121Updated 6 years ago
• find-sec-bugs / find-sec-bugs-demos
  Repository to showcase various configuration recipes with various technologies
  ☆35Updated last year
• pwntester / JVMDeserialization
  PoC for Scala and Groovy
  ☆14Updated 8 years ago
• zerothoughts / jndipoc
  Proof of concept showing how java byte code can be injected through InitialContext.lookup() calls
  ☆42Updated 8 years ago
• Contrast-Security-OSS / contrast-rO0
  A tiny Java agent that blocks attacks against unsafe deserialization
  ☆83Updated 7 years ago
• Semmle / SecurityQueries
  Deprecated: Please visit https://github.com/github/codeql instead.
  ☆81Updated 2 years ago
• topolik / ois-dos
  Java Deserialization
  ☆26Updated 8 years ago
• CaledoniaProject / CVE-2018-1270
  Spring messaging STOMP protocol RCE
  ☆114Updated 6 years ago
• mdsecresearch / ThriftDecoder
  Apache Thrift Decoder
  ☆31Updated 6 years ago
• axt / jvm-callgraph
  Call graph generator for JVM bytecode
  ☆18Updated 7 years ago
• kantega / notsoserial
  Java Agent which mitigates deserialisation attacks by making certain classes unserializable
  ☆185Updated 8 years ago
• rwincey / JavaShellcodeRunner
  JavaShellcodeRunner
  ☆10Updated 11 years ago
• LinkedInAttic / sometime
  A BurpSuite plugin to detect Same Origin Method Execution vulnerabilities
  ☆60Updated 7 years ago
• schierlm / JavaPayload
  JavaPayload is a collection of pure Java payloads to be used for post-exploitation from pure Java exploits or from common misconfiguratio…
  ☆119Updated 2 years ago
• zerothoughts / spring-jndi
  Proof of concept exploit, showing how to do bytecode injection through untrusted deserialization with Spring Framework 4.2.4
  ☆116Updated 5 years ago
• 0ang3el / HQLi-playground
  ☆45Updated 8 years ago
• retme7 / My-Slides
  My slides
  ☆89Updated 5 years ago
• GrrrDog / ZeroNights-HackQuest-2016
  2 web tasks from ZeroNights HackQuest 2016
  ☆51Updated 7 years ago
• GDSSecurity / GDS-PMD-Security-Rules
  Custom security ruleset for the popular Java static analysis tool PMD.
  ☆61Updated 8 years ago