Kubernetes security notes and best practices
☆727Apr 15, 2022Updated 3 years ago
Alternatives and similar repositories for k8s-security
Users that are interested in k8s-security are comparing it to the libraries listed below
Sorting:
- attackRmi☆258Oct 14, 2020Updated 5 years ago
- Multi-language web CGI interfaces exploits.☆399Aug 22, 2022Updated 3 years ago
- 一个全新的敏感文件发现工具☆225Jan 10, 2021Updated 5 years ago
- tomcat使用了自带session同步功能时,不安全的配置(没有使用EncryptInterceptor)导致存在的反序列化漏洞,通过精心构造的数据包, 可以对使用了tomcat自带session同步功能的服务器进行攻击。PS:这个不是CVE-2020-9484,9484…☆212May 19, 2020Updated 5 years ago
- Apache Solr Injection Research☆579Jan 28, 2020Updated 6 years ago
- Hunt for security weaknesses in Kubernetes clusters☆5,005Mar 19, 2024Updated last year
- ☆145Jun 20, 2018Updated 7 years ago
- (周瑜)Java - SpringBoot 持久化 WebShell(不仅仅是SpringBoot,适合任何符合JavaEE规范的服务)☆615Dec 29, 2021Updated 4 years ago
- ☆131Jun 17, 2022Updated 3 years ago
- CVE-2020-1066-EXP支持Windows 7和Windows Server 2008 R2操作系统☆187Jun 17, 2020Updated 5 years ago
- X安蜜罐用的一些存在JSonp劫持的API☆93May 28, 2021Updated 4 years ago
- ☆153Jun 24, 2019Updated 6 years ago
- proxylogon exploit - CVE-2021-26857☆112Mar 11, 2021Updated 4 years ago
- Flask 内存马☆313Mar 26, 2021Updated 4 years ago
- ☆835Jun 7, 2022Updated 3 years ago
- 用于辅助安全工程师漏洞挖掘、测试、复现,集合了mock、httplog、dns tools、xss,可用于测试各类无回显、无法直观判断或特定场景下的漏洞。☆866Jul 21, 2019Updated 6 years ago
- Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynam…☆697Dec 25, 2023Updated 2 years ago
- 用于记录分享一些有趣的案例☆865Jan 10, 2022Updated 4 years ago
- JumpServer远程代码执行漏洞检测利用脚本☆203Feb 9, 2021Updated 5 years ago
- 🌶 一些和容器化/容器编排/服务网格等技术相关的安全代码片段[自用备份]☆81Jul 23, 2021Updated 4 years ago
- JRE8u20_RCE_Gadget☆255Jul 1, 2016Updated 9 years ago
- BCS(北京网络安全大会)2019 红队行动会议重点内容☆819Sep 4, 2019Updated 6 years ago
- 通过 Redis 主从写出无损文件☆719May 25, 2020Updated 5 years ago
- 基于亚马逊S3\阿里云OSS\腾讯COS通信隧道的远程管理工具☆328Oct 10, 2020Updated 5 years ago
- weaponized tool for CVE-2020-17144☆158Dec 9, 2020Updated 5 years ago
- A system that may trick hackers. 针对黑客的拟态欺骗系统。☆454Nov 20, 2025Updated 3 months ago
- 在渗透测试中快速检测常见中间件、组件的高危漏洞。☆728Mar 21, 2022Updated 3 years ago
- 越权检测工具☆746Jun 17, 2022Updated 3 years ago
- anti AV☆292Mar 12, 2020Updated 5 years ago
- There is no pre-auth RCE in Jenkins since May 2017, but this is the one!☆607May 17, 2019Updated 6 years ago
- 内存马Demo合集 memshell demo for java / php / python☆425May 31, 2021Updated 4 years ago
- awesome resources about cloud native security 🐿☆324Nov 4, 2023Updated 2 years ago
- 适用于weblogic和Tomcat的无文件的内存马(memshell)☆269Mar 4, 2022Updated 4 years ago
- A tool to scan Kubernetes cluster for risky permissions☆1,414May 25, 2025Updated 9 months ago
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.☆612Mar 4, 2021Updated 5 years ago
- 利用agent hock指定的class,在jar运行周期内,用于跟踪被执行的方法,辅助做一些事情,比如挖洞啊☆125Jul 17, 2020Updated 5 years ago
- Some payloads of JNDI Injection in JDK 1.8.0_191+☆483Dec 9, 2020Updated 5 years ago
- ☆78Jan 12, 2021Updated 5 years ago
- some struts tag , attributes which out of the range will call SetDynamicAttribute() function, it will cause ONGL expression execute☆70Dec 14, 2020Updated 5 years ago