> For the complete documentation index, see [llms.txt](https://p4d0rn.gitbook.io/java/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://p4d0rn.gitbook.io/java/readme.md).

# About This Book

👋Hi There! This is a repository to record my study of Java Security

⭐I'd appreciate you lighting up the star (if you like this repository🙂)

repository: <https://github.com/p4d0rn/Java_Zoo>

gitbook: <https://p4d0rn.gitbook.io/java>

OpenJDK: <https://hg.openjdk.org/jdk8u/jdk8u/jdk/tags>

***

## Table of contents

* [About This Book](/java/rasp/openrasp.md)

### 🍖Prerequisites

* 反射
  * [反射基本使用](/java/prerequisites/fan-she/reflection.md)
  * [高版本JDK反射绕过](/java/prerequisites/fan-she/reflection2.md)
  * [反射调用命令执行](/java/prerequisites/fan-she/exec.md)
  * [反射构造HashMap](/java/prerequisites/fan-she/reflect_hashmap.md)
  * [方法句柄](/java/prerequisites/fan-she/methodhandle.md)
* 类加载
  * [动态加载字节码](/java/prerequisites/lei-jia-zai/classloader.md)
  * [双亲委派模型](/java/prerequisites/lei-jia-zai/parents_delegate.md)
  * [BCEL](/java/prerequisites/lei-jia-zai/bcel.md)
  * [SPI](/java/prerequisites/lei-jia-zai/spi.md)
* RMI & JNDI
  * [RPC Intro](/java/prerequisites/rmi-and-jndi/rpc.md)
  * [RMI](/java/prerequisites/rmi-and-jndi/rmi.md)
  * [JEP 290](/java/prerequisites/rmi-and-jndi/jep.md)
  * [JNDI](/java/prerequisites/rmi-and-jndi/jndi.md)
* Misc
  * [Unsafe](/java/prerequisites/misc/unsafe.md)
  * [代理模式](/java/prerequisites/misc/proxy.md)
  * [JMX](/java/prerequisites/misc/jmx.md)
  * [JDWP](/java/prerequisites/misc/jdwp.md)
  * [JPDA](/java/prerequisites/misc/jpda.md)
  * [JVMTI](/java/prerequisites/misc/jvmti.md)
  * [JNA](/java/prerequisites/misc/jna.md)
  * [Java Security Manager](/java/prerequisites/misc/securitymanager.md)

### 👻Serial Journey

* [URLDNS](/java/serial-journey/urldns.md)
* [SerialVersionUID](/java/serial-journey/serialversionuid.md)
* Commons Collection 🥏
  * [CC1-TransformedMap](/java/serial-journey/commons-collection/cc1_transformedmap.md)
  * [CC1-LazyMap](/java/serial-journey/commons-collection/cc1_lazymap.md)
  * [CC6](/java/serial-journey/commons-collection/cc6.md)
  * [CC3](/java/serial-journey/commons-collection/cc3.md)
  * [CC2](/java/serial-journey/commons-collection/cc2.md)
* FastJson 🪁
  * [FastJson-Basic Usage](/java/serial-journey/fastjson/fastjsonbasic.md)
  * [FastJson-TemplatesImpl](/java/serial-journey/fastjson/fastjson_templatesimpl.md)
  * [FastJson-JdbcRowSetImpl](/java/serial-journey/fastjson/fastjson_jdbcrowsetimpl.md)
  * [FastJson-BasicDataSource](/java/prerequisites/lei-jia-zai/bcel.md)
  * [FastJson-ByPass](https://github.com/p4d0rn/Java_Zoo/blob/main/Deserial/FastJson_ByPass.md)
  * [FastJson与原生反序列化(一)](https://paper.seebug.org/2055/)
  * [FastJson与原生反序列化(二)](https://y4tacker.github.io/2023/04/26/year/2023/4/FastJson与原生反序列化-二/)
  * [Jackson的原生反序列化利用](/java/serial-journey/fastjson/jackson.md)
* Other Components
  * [SnakeYaml](/java/serial-journey/other-components/snakeyaml.md)
  * [C3P0](/java/serial-journey/other-components/c3p0.md)
  * [AspectJWeaver](/java/serial-journey/other-components/aspectjweaver.md)
  * [Rome](/java/serial-journey/other-components/rome.md)
  * [Spring](/java/serial-journey/other-components/spring.md)
  * [Hessian](/java/serial-journey/other-components/hessian.md)
  * [Hessian\_Only\_JDK](/java/serial-journey/other-components/hessian_only_jdk.md)
  * [Kryo](/java/serial-journey/other-components/kryo.md)
  * [Dubbo](/java/serial-journey/other-components/dubbo.md)

### 🌵RASP

* [JavaAgent](/java/rasp/javaagent.md)
* [JVM](/java/rasp/jvm.md)
* [ByteCode](/java/rasp/bytecode.md)
* [JNI](/java/rasp/jni.md)
* ASM 🪡
  * [ASM Intro](/java/rasp/asm/asm0.md)
  * [Class Generation](/java/rasp/asm/asm1.md)
  * [Class Transformation](/java/rasp/asm/asm2.md)
* [Rasp防御命令执行](/java/rasp/rasp1.md)
* [OpenRASP](/java/readme.md)

### 🐎Memory Shell

* [Tomcat-Architecture](/java/memory-shell/tomcat.md)
* Servlet API
  * [Listener](/java/memory-shell/servlet-api/listener.md)
  * [Filter](/java/memory-shell/servlet-api/filter.md)
  * [Servlet](/java/memory-shell/servlet-api/servlet.md)
* Tomcat-Middlewares
  * [Tomcat-Valve](/java/memory-shell/tomcat-middlewares/valve.md)
  * [Tomcat-Executor](/java/memory-shell/tomcat-middlewares/executor.md)
  * [Tomcat-Upgrade](/java/memory-shell/tomcat-middlewares/upgrade.md)
* [Agent MemShell](/java/memory-shell/agent.md)
* [WebSocket](/java/memory-shell/websocket.md)
* [内存马查杀](https://blog.csdn.net/SimoSimoSimo/article/details/127700190)
* [IDEA本地调试Tomcat](/java/memory-shell/de_tomcat.md)

### ✂️JDBC Attack

* [MySQL JDBC Attack](/java/jdbc-attack/mysql.md)
* [H2 JDBC Attack](/java/jdbc-attack/h2.md)

### 🎨Templates

* [FreeMarker](/java/templates/freemarker.md)
* [Thymeleaf](/java/templates/thymeleaf.md)
* [Enjoy](/java/templates/enjoy.md)

### 🎏MessageQueue

* [ActiveMQ CNVD-2023-69477](/java/messagequeue/activemq.md)
* [AMQP CVE-2023-34050](/java/messagequeue/amqp.md)
* [Spring-Kafka CVE-2023-34040](/java/messagequeue/kafka.md)
* [RocketMQ CVE-2023-33246](https://github.com/p4d0rn/Java_Zoo/blob/main/MessageQueue/rocketmq.md)

### 🛡️Shiro

* [Shiro Intro](/java/shiro/shiro.md)
* [Request URI ByPass](/java/shiro/cve-2010-3863.md)
* [Context Path ByPass](/java/shiro/cve-2016-6802.md)
* [Remember Me反序列化 CC-Shiro](/java/shiro/cc-shiro.md)
* [CB1与无CC依赖的反序列化链](/java/shiro/cb1.md)

### 🍺Others

* [Deserialization Twice](/java/others/desertwice.md)
* [A New Blazer 4 getter RCE](/java/others/newgetter.md)
* [Apache Commons Jxpath](/java/others/jxpath.md)
* [El Attack](/java/others/elattack.md)
* [Spel Attack](/java/others/spel.md)
* [C3P0原生反序列化的JNDI打法](/java/others/c3p0.md)
* [Log4j](/java/others/log4j2.md)
* Echo Tech
  * [SpringBoot Under Tomcat](/java/others/echo-tech/sbtomcat.md)
* CTF 🚩
  * [长城杯-b4bycoffee (ROME反序列化)](/java/others/ctf/b4bycoffee.md)
  * [MTCTF2022(CB+Shiro绕过)](/java/others/ctf/mtctf2022.md)
  * [CISCN 2023 西南赛区半决赛 (Hessian原生JDK+Kryo反序列化)](/java/others/ctf/seacloud.md)
  * [CISCN 2023 初赛 (高版本Commons Collections下其他依赖的利用)](/java/others/ctf/deserbug.md)
  * [CISCN 2021 总决赛 ezj4va (AspectJWeaver写字节码文件到classpath)](/java/others/ctf/ezj4va.md)
  * [D^3CTF2023 (新的getter+高版本JNDI不出网+Hessian异常toString)](/java/others/ctf/d3java.md)
  * [WMCTF2023（CC链花式玩法+盲读文件）](/java/others/ctf/wmctf2023.md)
  * [第六届安洵杯网络安全挑战赛（CB PriorityQueue替代+Postgresql JDBC Attack+FreeMarker）](/java/others/ctf/axb2023.md)

### 🔍Code Inspector

* CodeQL 🧶
  * Tutorial
    * [Intro](/java/code-inspector/codeql/tutorial/intro.md)
    * [Module](/java/code-inspector/codeql/tutorial/module.md)
    * [Predicate](/java/code-inspector/codeql/tutorial/predicate.md)
    * [Query](/java/code-inspector/codeql/tutorial/query.md)
    * [Type](/java/code-inspector/codeql/tutorial/type.md)
  * CodeQL 4 Java
    * [Basics](/java/code-inspector/codeql/codeql-4-java/basics.md)
    * [DFA](/java/code-inspector/codeql/codeql-4-java/dfa.md)
    * [Example](/java/code-inspector/codeql/codeql-4-java/codeql4java.md)
* SootUp ✨
  * [Intro](/java/code-inspector/sootup/intro.md)
  * [Jimple](/java/code-inspector/sootup/jimple.md)
  * [DFA](/java/code-inspector/sootup/dfa.md)
  * [CG](/java/code-inspector/sootup/cg.md)
* Tabby 🔦
  * [install](/java/code-inspector/tabby/install.md)
* Theory
  * Static Analysis
    * [Intro](/java/code-inspector/theory/static-analysis/intro.md)
    * [IR & CFG](/java/code-inspector/theory/static-analysis/ir.md)
    * [DFA](/java/code-inspector/theory/static-analysis/dfa.md)
    * [DFA-Foundation](/java/code-inspector/theory/static-analysis/dfa-foundation.md)
    * [Interprocedural Analysis](/java/code-inspector/theory/static-analysis/inter.md)
    * [Pointer Analysis](/java/code-inspector/theory/static-analysis/pta.md)
    * [Pointer Analysis Foundation](/java/code-inspector/theory/static-analysis/pta-foundation.md)
    * [PTA-Context Sensitivity](/java/code-inspector/theory/static-analysis/pta-cs.md)
    * [Taint Anlysis](/java/code-inspector/theory/static-analysis/taint.md)
    * [Datalog](/java/code-inspector/theory/static-analysis/datalog.md)
