About This Book

👋Hi There! This is a repository to record my study of Java Security

⭐I'd appreciate you lighting up the star (if you like this repository🙂)

repository: https://github.com/p4d0rn/Java_Zoo

gitbook: https://p4d0rn.gitbook.io/java

OpenJDK: https://hg.openjdk.org/jdk8u/jdk8u/jdk/tags

---

Table of contents

• About This Book

🍖Prerequisites

• 反射

  • 反射基本使用

  • 高版本JDK反射绕过

  • 反射调用命令执行

  • 反射构造HashMap

  • 方法句柄

• 类加载

  • 动态加载字节码

  • 双亲委派模型

  • BCEL

  • SPI

• RMI & JNDI

  • RPC Intro

  • RMI

  • JEP 290

  • JNDI

• Misc

  • Unsafe

  • 代理模式

  • JMX

  • JDWP

  • JPDA

  • JVMTI

  • JNA

  • Java Security Manager

👻Serial Journey

• URLDNS
• SerialVersionUID
• Commons Collection 🥏

  • CC1-TransformedMap
  • CC1-LazyMap
  • CC6
  • CC3
  • CC2
• FastJson 🪁

  • FastJson-Basic Usage
  • FastJson-TemplatesImpl
  • FastJson-JdbcRowSetImpl
  • FastJson-BasicDataSource
  • FastJson-ByPass
  • FastJson与原生反序列化(一)
  • FastJson与原生反序列化(二)
  • Jackson的原生反序列化利用
• Other Components

  • SnakeYaml
  • C3P0
  • AspectJWeaver
  • Rome
  • Spring
  • Hessian
  • Hessian_Only_JDK
  • Kryo
  • Dubbo

🌵RASP

• JavaAgent
• JVM
• ByteCode
• JNI
• ASM 🪡

  • ASM Intro
  • Class Generation
  • Class Transformation
• Rasp防御命令执行
• OpenRASP

🐎Memory Shell

• Tomcat-Architecture
• Servlet API

  • Listener
  • Filter
  • Servlet
• Tomcat-Middlewares

  • Tomcat-Valve
  • Tomcat-Executor
  • Tomcat-Upgrade
• Agent MemShell
• WebSocket
• 内存马查杀
• IDEA本地调试Tomcat

✂️JDBC Attack

• MySQL JDBC Attack
• H2 JDBC Attack

🎨Templates

• FreeMarker
• Thymeleaf
• Enjoy

🎏MessageQueue

• ActiveMQ CNVD-2023-69477
• AMQP CVE-2023-34050
• Spring-Kafka CVE-2023-34040
• RocketMQ CVE-2023-33246

🛡️Shiro

• Shiro Intro
• Request URI ByPass
• Context Path ByPass
• Remember Me反序列化 CC-Shiro
• CB1与无CC依赖的反序列化链

🍺Others

• Deserialization Twice
• A New Blazer 4 getter RCE
• Apache Commons Jxpath
• El Attack
• Spel Attack
• C3P0原生反序列化的JNDI打法
• Log4j
• Echo Tech

  • SpringBoot Under Tomcat
• CTF 🚩

  • 长城杯-b4bycoffee (ROME反序列化)
  • MTCTF2022(CB+Shiro绕过)
  • CISCN 2023 西南赛区半决赛 (Hessian原生JDK+Kryo反序列化)
  • CISCN 2023 初赛 (高版本Commons Collections下其他依赖的利用)
  • CISCN 2021 总决赛 ezj4va (AspectJWeaver写字节码文件到classpath)
  • D^3CTF2023 (新的getter+高版本JNDI不出网+Hessian异常toString)
  • WMCTF2023（CC链花式玩法+盲读文件）
  • 第六届安洵杯网络安全挑战赛（CB PriorityQueue替代+Postgresql JDBC Attack+FreeMarker）

🔍Code Inspector

• CodeQL 🧶

  • Tutorial

    • Intro
    • Module
    • Predicate
    • Query
    • Type
  • CodeQL 4 Java

    • Basics
    • DFA
    • Example
• SootUp ✨

  • Intro
  • Jimple
  • DFA
  • CG
• Tabby 🔦

  • install
• Theory

  • Static Analysis

    • Intro
    • IR & CFG
    • DFA
    • DFA-Foundation
    • Interprocedural Analysis
    • Pointer Analysis
    • Pointer Analysis Foundation
    • PTA-Context Sensitivity
    • Taint Anlysis
    • Datalog