# About This Book

👋Hi There! This is a repository to record my study of Java Security

⭐I'd appreciate you lighting up the star (if you like this repository🙂)

repository: <https://github.com/p4d0rn/Java_Zoo>

gitbook: <https://p4d0rn.gitbook.io/java>

OpenJDK: <https://hg.openjdk.org/jdk8u/jdk8u/jdk/tags>

***

## Table of contents

* [About This Book](https://p4d0rn.gitbook.io/java/rasp/openrasp)

### 🍖Prerequisites

* Reflection
  * [Basic Usage of Reflection](https://p4d0rn.gitbook.io/java/prerequisites/fan-she/reflection)
  * [Reflection Bypass on Newer JDK Versions](https://p4d0rn.gitbook.io/java/prerequisites/fan-she/reflection2)
  * [Command Execution via Reflection](https://p4d0rn.gitbook.io/java/prerequisites/fan-she/exec)
  * [Constructing a HashMap via Reflection](https://p4d0rn.gitbook.io/java/prerequisites/fan-she/reflect_hashmap)
  * [Method Handles](https://p4d0rn.gitbook.io/java/prerequisites/fan-she/methodhandle)
* Class Loading
  * [Dynamically Loading Bytecode](https://p4d0rn.gitbook.io/java/prerequisites/lei-jia-zai/classloader)
  * [Parent Delegation Model](https://p4d0rn.gitbook.io/java/prerequisites/lei-jia-zai/parents_delegate)
  * [BCEL](https://p4d0rn.gitbook.io/java/prerequisites/lei-jia-zai/bcel)
  * [SPI](https://p4d0rn.gitbook.io/java/prerequisites/lei-jia-zai/spi)
* RMI & JNDI
  * [RPC Intro](https://p4d0rn.gitbook.io/java/prerequisites/rmi-and-jndi/rpc)
  * [RMI](https://p4d0rn.gitbook.io/java/prerequisites/rmi-and-jndi/rmi)
  * [JEP 290](https://p4d0rn.gitbook.io/java/prerequisites/rmi-and-jndi/jep)
  * [JNDI](https://p4d0rn.gitbook.io/java/prerequisites/rmi-and-jndi/jndi)
* Misc
  * [Unsafe](https://p4d0rn.gitbook.io/java/prerequisites/misc/unsafe)
  * [Proxy Pattern](https://p4d0rn.gitbook.io/java/prerequisites/misc/proxy)
  * [JMX](https://p4d0rn.gitbook.io/java/prerequisites/misc/jmx)
  * [JDWP](https://p4d0rn.gitbook.io/java/prerequisites/misc/jdwp)
  * [JPDA](https://p4d0rn.gitbook.io/java/prerequisites/misc/jpda)
  * [JVMTI](https://p4d0rn.gitbook.io/java/prerequisites/misc/jvmti)
  * [JNA](https://p4d0rn.gitbook.io/java/prerequisites/misc/jna)
  * [Java Security Manager](https://p4d0rn.gitbook.io/java/prerequisites/misc/securitymanager)

### 👻Serial Journey

* [URLDNS](https://p4d0rn.gitbook.io/java/serial-journey/urldns)
* [SerialVersionUID](https://p4d0rn.gitbook.io/java/serial-journey/serialversionuid)
* Commons Collection 🥏
  * [CC1-TransformedMap](https://p4d0rn.gitbook.io/java/serial-journey/commons-collection/cc1_transformedmap)
  * [CC1-LazyMap](https://p4d0rn.gitbook.io/java/serial-journey/commons-collection/cc1_lazymap)
  * [CC6](https://p4d0rn.gitbook.io/java/serial-journey/commons-collection/cc6)
  * [CC3](https://p4d0rn.gitbook.io/java/serial-journey/commons-collection/cc3)
  * [CC2](https://p4d0rn.gitbook.io/java/serial-journey/commons-collection/cc2)
* FastJson 🪁
  * [FastJson-Basic Usage](https://p4d0rn.gitbook.io/java/serial-journey/fastjson/fastjsonbasic)
  * [FastJson-TemplatesImpl](https://p4d0rn.gitbook.io/java/serial-journey/fastjson/fastjson_templatesimpl)
  * [FastJson-JdbcRowSetImpl](https://p4d0rn.gitbook.io/java/serial-journey/fastjson/fastjson_jdbcrowsetimpl)
  * [FastJson-BasicDataSource](https://p4d0rn.gitbook.io/java/prerequisites/lei-jia-zai/bcel)
  * [FastJson-ByPass](https://github.com/p4d0rn/Java_Zoo/blob/main/Deserial/FastJson_ByPass.md)
  * [FastJson and Native Deserialization (Part 1)](https://paper.seebug.org/2055/)
  * [FastJson and Native Deserialization (Part 2)](https://y4tacker.github.io/2023/04/26/year/2023/4/FastJson%E4%B8%8E%E5%8E%9F%E7%94%9F%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96-%E4%BA%8C/)
  * [Native Deserialization Exploitation with Jackson](https://p4d0rn.gitbook.io/java/serial-journey/fastjson/jackson)
* Other Components
  * [SnakeYaml](https://p4d0rn.gitbook.io/java/serial-journey/other-components/snakeyaml)
  * [C3P0](https://p4d0rn.gitbook.io/java/serial-journey/other-components/c3p0)
  * [AspectJWeaver](https://p4d0rn.gitbook.io/java/serial-journey/other-components/aspectjweaver)
  * [Rome](https://p4d0rn.gitbook.io/java/serial-journey/other-components/rome)
  * [Spring](https://p4d0rn.gitbook.io/java/serial-journey/other-components/spring)
  * [Hessian](https://p4d0rn.gitbook.io/java/serial-journey/other-components/hessian)
  * [Hessian\_Only\_JDK](https://p4d0rn.gitbook.io/java/serial-journey/other-components/hessian_only_jdk)
  * [Kryo](https://p4d0rn.gitbook.io/java/serial-journey/other-components/kryo)
  * [Dubbo](https://p4d0rn.gitbook.io/java/serial-journey/other-components/dubbo)

### 🌵RASP

* [JavaAgent](https://p4d0rn.gitbook.io/java/rasp/javaagent)
* [JVM](https://p4d0rn.gitbook.io/java/rasp/jvm)
* [ByteCode](https://p4d0rn.gitbook.io/java/rasp/bytecode)
* [JNI](https://p4d0rn.gitbook.io/java/rasp/jni)
* ASM 🪡
  * [ASM Intro](https://p4d0rn.gitbook.io/java/rasp/asm/asm0)
  * [Class Generation](https://p4d0rn.gitbook.io/java/rasp/asm/asm1)
  * [Class Transformation](https://p4d0rn.gitbook.io/java/rasp/asm/asm2)
* [Defending Against Command Execution with RASP](https://p4d0rn.gitbook.io/java/rasp/rasp1)
* [OpenRASP](https://p4d0rn.gitbook.io/java/readme)

### 🐎Memory Shell

* [Tomcat-Architecture](https://p4d0rn.gitbook.io/java/memory-shell/tomcat)
* Servlet API
  * [Listener](https://p4d0rn.gitbook.io/java/memory-shell/servlet-api/listener)
  * [Filter](https://p4d0rn.gitbook.io/java/memory-shell/servlet-api/filter)
  * [Servlet](https://p4d0rn.gitbook.io/java/memory-shell/servlet-api/servlet)
* Tomcat-Middlewares
  * [Tomcat-Valve](https://p4d0rn.gitbook.io/java/memory-shell/tomcat-middlewares/valve)
  * [Tomcat-Executor](https://p4d0rn.gitbook.io/java/memory-shell/tomcat-middlewares/executor)
  * [Tomcat-Upgrade](https://p4d0rn.gitbook.io/java/memory-shell/tomcat-middlewares/upgrade)
* [Agent MemShell](https://p4d0rn.gitbook.io/java/memory-shell/agent)
* [WebSocket](https://p4d0rn.gitbook.io/java/memory-shell/websocket)
* [Memory Shell Detection and Removal](https://blog.csdn.net/SimoSimoSimo/article/details/127700190)
* [Debugging Tomcat Locally in IDEA](https://p4d0rn.gitbook.io/java/memory-shell/de_tomcat)

### ✂️JDBC Attack

* [MySQL JDBC Attack](https://p4d0rn.gitbook.io/java/jdbc-attack/mysql)
* [H2 JDBC Attack](https://p4d0rn.gitbook.io/java/jdbc-attack/h2)

### 🎨Templates

* [FreeMarker](https://p4d0rn.gitbook.io/java/templates/freemarker)
* [Thymeleaf](https://p4d0rn.gitbook.io/java/templates/thymeleaf)
* [Enjoy](https://p4d0rn.gitbook.io/java/templates/enjoy)

### 🎏MessageQueue

* [ActiveMQ CNVD-2023-69477](https://p4d0rn.gitbook.io/java/messagequeue/activemq)
* [AMQP CVE-2023-34050](https://p4d0rn.gitbook.io/java/messagequeue/amqp)
* [Spring-Kafka CVE-2023-34040](https://p4d0rn.gitbook.io/java/messagequeue/kafka)
* [RocketMQ CVE-2023-33246](https://github.com/p4d0rn/Java_Zoo/blob/main/MessageQueue/rocketmq.md)

### 🛡️Shiro

* [Shiro Intro](https://p4d0rn.gitbook.io/java/shiro/shiro)
* [Request URI ByPass](https://p4d0rn.gitbook.io/java/shiro/cve-2010-3863)
* [Context Path ByPass](https://p4d0rn.gitbook.io/java/shiro/cve-2016-6802)
* [Remember Me Deserialization CC-Shiro](https://p4d0rn.gitbook.io/java/shiro/cc-shiro)
* [CB1 and Deserialization Chains Without the CC Dependency](https://p4d0rn.gitbook.io/java/shiro/cb1)

### 🍺Others

* [Deserialization Twice](https://p4d0rn.gitbook.io/java/others/desertwice)
* [A New Blazer 4 getter RCE](https://p4d0rn.gitbook.io/java/others/newgetter)
* [Apache Commons Jxpath](https://p4d0rn.gitbook.io/java/others/jxpath)
* [El Attack](https://p4d0rn.gitbook.io/java/others/elattack)
* [Spel Attack](https://p4d0rn.gitbook.io/java/others/spel)
* [JNDI Approach to C3P0 Native Deserialization](https://p4d0rn.gitbook.io/java/others/c3p0)
* [Log4j](https://p4d0rn.gitbook.io/java/others/log4j2)
* Echo Tech
  * [SpringBoot Under Tomcat](https://p4d0rn.gitbook.io/java/others/echo-tech/sbtomcat)
* CTF 🚩
  * [Great Wall Cup - b4bycoffee (ROME Deserialization)](https://p4d0rn.gitbook.io/java/others/ctf/b4bycoffee)
  * [MTCTF2022 (CB + Shiro Bypass)](https://p4d0rn.gitbook.io/java/others/ctf/mtctf2022)
  * [CISCN 2023 Southwest Division Semifinals (Hessian with JDK Only + Kryo Deserialization)](https://p4d0rn.gitbook.io/java/others/ctf/seacloud)
  * [CISCN 2023 Preliminaries (Exploiting Other Dependencies Under Newer Commons Collections Versions)](https://p4d0rn.gitbook.io/java/others/ctf/deserbug)
  * [CISCN 2021 Finals ezj4va (AspectJWeaver Writing a Bytecode File to the Classpath)](https://p4d0rn.gitbook.io/java/others/ctf/ezj4va)
  * [D^3CTF2023 (New getter + Newer-JDK JNDI Without Outbound Network + Hessian Exception toString)](https://p4d0rn.gitbook.io/java/others/ctf/d3java)
  * [WMCTF2023 (CC Chain Variations + Blind File Read)](https://p4d0rn.gitbook.io/java/others/ctf/wmctf2023)
  * [6th Anxun Cup Cybersecurity Challenge (CB PriorityQueue Alternative + PostgreSQL JDBC Attack + FreeMarker)](https://p4d0rn.gitbook.io/java/others/ctf/axb2023)

### 🔍Code Inspector

* CodeQL 🧶
  * Tutorial
    * [Intro](https://p4d0rn.gitbook.io/java/code-inspector/codeql/tutorial/intro)
    * [Module](https://p4d0rn.gitbook.io/java/code-inspector/codeql/tutorial/module)
    * [Predicate](https://p4d0rn.gitbook.io/java/code-inspector/codeql/tutorial/predicate)
    * [Query](https://p4d0rn.gitbook.io/java/code-inspector/codeql/tutorial/query)
    * [Type](https://p4d0rn.gitbook.io/java/code-inspector/codeql/tutorial/type)
  * CodeQL 4 Java
    * [Basics](https://p4d0rn.gitbook.io/java/code-inspector/codeql/codeql-4-java/basics)
    * [DFA](https://p4d0rn.gitbook.io/java/code-inspector/codeql/codeql-4-java/dfa)
    * [Example](https://p4d0rn.gitbook.io/java/code-inspector/codeql/codeql-4-java/codeql4java)
* SootUp ✨
  * [Intro](https://p4d0rn.gitbook.io/java/code-inspector/sootup/intro)
  * [Jimple](https://p4d0rn.gitbook.io/java/code-inspector/sootup/jimple)
  * [DFA](https://p4d0rn.gitbook.io/java/code-inspector/sootup/dfa)
  * [CG](https://p4d0rn.gitbook.io/java/code-inspector/sootup/cg)
* Tabby 🔦
  * [install](https://p4d0rn.gitbook.io/java/code-inspector/tabby/install)
* Theory
  * Static Analysis
    * [Intro](https://p4d0rn.gitbook.io/java/code-inspector/theory/static-analysis/intro)
    * [IR & CFG](https://p4d0rn.gitbook.io/java/code-inspector/theory/static-analysis/ir)
    * [DFA](https://p4d0rn.gitbook.io/java/code-inspector/theory/static-analysis/dfa)
    * [DFA-Foundation](https://p4d0rn.gitbook.io/java/code-inspector/theory/static-analysis/dfa-foundation)
    * [Interprocedural Analysis](https://p4d0rn.gitbook.io/java/code-inspector/theory/static-analysis/inter)
    * [Pointer Analysis](https://p4d0rn.gitbook.io/java/code-inspector/theory/static-analysis/pta)
    * [Pointer Analysis Foundation](https://p4d0rn.gitbook.io/java/code-inspector/theory/static-analysis/pta-foundation)
    * [PTA-Context Sensitivity](https://p4d0rn.gitbook.io/java/code-inspector/theory/static-analysis/pta-cs)
    * [Taint Analysis](https://p4d0rn.gitbook.io/java/code-inspector/theory/static-analysis/taint)
    * [Datalog](https://p4d0rn.gitbook.io/java/code-inspector/theory/static-analysis/datalog)
