-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
8 changed files
with
66 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
|
|
||
|
|
||
|
|
||
| <https://github.com/BeichenDream/Chunk-Proxy> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| --- | ||
| title: "HTTPServerGO" | ||
| draft: false | ||
| --- | ||
|
|
||
|
|
||
| <https://github.com/pho3n1x-web/HTTPServerGO> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| --- | ||
| title: "Neo-reGeorg" | ||
| draft: false | ||
| --- | ||
|
|
||
|
|
||
| <https://github.com/L-codes/Neo-reGeorg> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
|
|
||
|
|
||
| <https://github.com/ph4ntonn/Stowaway> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
|
|
||
|
|
||
| <https://github.com/mandiant/commando-vm> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
|
|
||
|
|
||
| <https://github.com/FunnyWolf/pystinger> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| --- | ||
| title: "suo5" | ||
| draft: false | ||
| --- | ||
|
|
||
|
|
||
| <https://github.com/zema1/suo5> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| --- | ||
| title: "ysoserial" | ||
| draft: false | ||
| --- | ||
|
|
||
|
|
||
| <https://github.com/frohoff/ysoserial/> | ||
|
|
||
| ## Description | ||
|
|
||
| Originally released as part of AppSecCali 2015 Talk | ||
| ["Marshalling Pickles: how deserializing objects will ruin your day"]( | ||
| https://frohoff.github.io/appseccali-marshalling-pickles/) | ||
| with gadget chains for Apache Commons Collections (3.x and 4.x), Spring Beans/Core (4.x), and Groovy (2.3.x). | ||
| Later updated to include additional gadget chains for | ||
| [JRE <= 1.7u21](https://gist.github.com/frohoff/24af7913611f8406eaf3) and several other libraries. | ||
|
|
||
| __ysoserial__ is a collection of utilities and property-oriented programming "gadget chains" discovered in common java | ||
| libraries that can, under the right conditions, exploit Java applications performing __unsafe deserialization__ of | ||
| objects. The main driver program takes a user-specified command and wraps it in the user-specified gadget chain, then | ||
| serializes these objects to stdout. When an application with the required gadgets on the classpath unsafely deserializes | ||
| this data, the chain will automatically be invoked and cause the command to be executed on the application host. | ||
|
|
||
| It should be noted that the vulnerability lies in the application performing unsafe deserialization and NOT in having | ||
| gadgets on the classpath. | ||
|
|
||
| ## Disclaimer | ||
|
|
||
| This software has been created purely for the purposes of academic research and | ||
| for the development of effective defensive techniques, and is not intended to be | ||
| used to attack systems except where explicitly authorized. Project maintainers | ||
| are not responsible or liable for misuse of the software. Use responsibly. |