About This Book

👋Hi There! This is a repository to record my study of Java Security

⭐I'd appreciate you lighting up the star (if you like this repository🙂)

repository: https://github.com/p4d0rn/Java_Zoo

gitbook: https://p4d0rn.gitbook.io/java

OpenJDK: https://hg.openjdk.org/jdk8u/jdk8u/jdk/tags

---

Table of contents

🍖Prerequisites

• 反射

  • 反射基本使用

  • 高版本JDK反射绕过

  • 反射调用命令执行

  • 反射构造HashMap

  • 方法句柄

• 类加载

  • 动态加载字节码

  • 双亲委派模型

  • SPI

• RMI & JNDI

  • RPC Intro

  • RMI

  • JEP 290

  • JNDI

• Misc

  • Unsafe

  • 代理模式

  • BCEL

  • JMX

  • JDWP

  • JPDA

  • JVMTI

  • serialVersionUID

  • Java Security Manager

👻Serial Journey

• URLDNS

• Commons Collection 🥏

  • CC1-TransformedMap

  • CC1-LazyMap

  • CC6

  • CC3

  • CC2

• FastJson 🪁

  • FastJson-Basic Usage

  • FastJson-TemplatesImpl

  • FastJson-JdbcRowSetImpl

  • FastJson-BasicDataSource

  • FastJson-ByPass

  • FastJson与原生反序列化(一)

  • FastJson与原生反序列化(二)

  • Jackson的原生反序列化利用

• SnakeYaml

• C3P0

• Log4j

• AspectJWeaver

• Rome

• Spring

• Hessian

• Hessian_Only_JDK

• Kryo

• Dubbo

✂️JDBC Attack

• MySQL JDBC Attack

• H2 JDBC Attack

🌵RASP

• JavaAgent

• JVM

• ByteCode

• JNI

• ASM 🪡

  • ASM Intro

  • Class Generation

  • Class Transformation

• Rasp防御命令执行

• OpenRASP

🐎Memory Shell

• Tomcat-Architecture

• Servlet API

  • Listener

  • Filter

  • Servlet

• Tomcat-Middlewares

  • Tomcat-Valve

  • Tomcat-Executor

  • Tomcat-Upgrade

• Agent MemShell

• WebSocket

• 内存马查杀

• IDEA本地调试Tomcat

🛡️Shiro

• Shiro Intro

• Request URI ByPass

• Context Path ByPass

• Remember Me反序列化 CC-Shiro

• CB1与无CC依赖的反序列化链

🍺Others

• Deserialization Twice

• A New Blazer 4 getter RCE

• Apache Commons Jxpath

• El Attack

• Spel Attack

• C3P0原生反序列化的JNDI打法

• Echo Tech

  • SpringBoot Under Tomcat

🎨Templates

• FreeMarker

• Thymeleaf

• Enjoy

🎏MessageQueue

• ActiveMQ CNVD-2023-69477

• AMQP CVE-2023-34050

• Spring-Kafka CVE-2023-34040

• RocketMQ CVE-2023-33246

🚩CTF

• 长城杯-b4bycoffee (ROME反序列化)

• MTCTF2022(CB+Shiro绕过)

• CISCN 2023 西南赛区半决赛 (Hessian原生JDK+Kryo反序列化)

• CISCN 2023 初赛 (高版本Commons Collections下其他依赖的利用)

• CISCN 2021 总决赛 ezj4va (AspectJWeaver写字节码文件到classpath)

• D^3CTF2023 (新的getter+高版本JNDI不出网+Hessian异常toString)

• WMCTF2023（CC链花式玩法+盲读文件）

• 第六届安洵杯网络安全挑战赛（CB PriorityQueue替代+Postgresql JDBC Attack+FreeMarker）

🔍Code Inspector

• CodeQL 🐳

  • CodeQL Quick Start

  • CodeQL 4 Java

• ByteCodeDL

• Tabby 🦀

• Theory

  • Static Analysis

    • Intro

    • IR & CFG

    • DFA

    • DFA-Foundation

    • Interprocedural Analysis

    • Pointer Analysis

    • Pointer Analysis Foundation

    • PTA-Context Sensitivity

    • Taint Anlysis

    • Datalog