About This Book

👋Hi There! This is a repository to record my study of Java Security

⭐I'd appreciate you lighting up the star (if you like this repository🙂)

repository: https://github.com/p4d0rn/Java_Zoo

gitbook: https://p4d0rn.gitbook.io/java

OpenJDK: https://hg.openjdk.org/jdk8u/jdk8u/jdk/tags

---

Table of contents

• About This Book

🍖Prerequisites

• 反射

  • 反射基本使用

  • 高版本JDK反射绕过

  • 反射调用命令执行

  • 反射构造HashMap

  • 方法句柄

• 类加载

  • 动态加载字节码

  • 双亲委派模型

  • BCEL

  • SPI

• RMI & JNDI

  • RPC Intro

  • RMI

  • JEP 290

  • JNDI

• Misc

  • Unsafe

  • 代理模式

  • JMX

  • JDWP

  • JPDA

  • JVMTI

  • JNA

  • Java Security Manager

👻Serial Journey

• URLDNS

• SerialVersionUID

• Commons Collection 🥏

  • CC1-TransformedMap

  • CC1-LazyMap

  • CC6

  • CC3

  • CC2

• FastJson 🪁

  • FastJson-Basic Usage

  • FastJson-TemplatesImpl

  • FastJson-JdbcRowSetImpl

  • FastJson-BasicDataSource

  • FastJson-ByPass

  • FastJson与原生反序列化(一)

  • FastJson与原生反序列化(二)

  • Jackson的原生反序列化利用

• Other Components

  • SnakeYaml

  • C3P0

  • AspectJWeaver

  • Rome

  • Spring

  • Hessian

  • Hessian_Only_JDK

  • Kryo

  • Dubbo

🌵RASP

• JavaAgent

• JVM

• ByteCode

• JNI

• ASM 🪡

  • ASM Intro

  • Class Generation

  • Class Transformation

• Rasp防御命令执行

• OpenRASP

🐎Memory Shell

• Tomcat-Architecture

• Servlet API

  • Listener

  • Filter

  • Servlet

• Tomcat-Middlewares

  • Tomcat-Valve

  • Tomcat-Executor

  • Tomcat-Upgrade

• Agent MemShell

• WebSocket

• 内存马查杀

• IDEA本地调试Tomcat

✂️JDBC Attack

• MySQL JDBC Attack

• H2 JDBC Attack

🎨Templates

• FreeMarker

• Thymeleaf

• Enjoy

🎏MessageQueue

• ActiveMQ CNVD-2023-69477

• AMQP CVE-2023-34050

• Spring-Kafka CVE-2023-34040

• RocketMQ CVE-2023-33246

🛡️Shiro

• Shiro Intro

• Request URI ByPass

• Context Path ByPass

• Remember Me反序列化 CC-Shiro

• CB1与无CC依赖的反序列化链

🍺Others

• Deserialization Twice

• A New Blazer 4 getter RCE

• Apache Commons Jxpath

• El Attack

• Spel Attack

• C3P0原生反序列化的JNDI打法

• Log4j

• Echo Tech

  • SpringBoot Under Tomcat

• CTF 🚩

  • 长城杯-b4bycoffee (ROME反序列化)

  • MTCTF2022(CB+Shiro绕过)

  • CISCN 2023 西南赛区半决赛 (Hessian原生JDK+Kryo反序列化)

  • CISCN 2023 初赛 (高版本Commons Collections下其他依赖的利用)

  • CISCN 2021 总决赛 ezj4va (AspectJWeaver写字节码文件到classpath)

  • D^3CTF2023 (新的getter+高版本JNDI不出网+Hessian异常toString)

  • WMCTF2023（CC链花式玩法+盲读文件）

  • 第六届安洵杯网络安全挑战赛（CB PriorityQueue替代+Postgresql JDBC Attack+FreeMarker）

🔍Code Inspector

• CodeQL 🧶

  • Tutorial

    • Intro

    • Module

    • Predicate

    • Query

    • Type

  • CodeQL 4 Java

    • Basics

    • DFA

    • Example

• SootUp ✨

  • Intro

  • Jimple

  • DFA

  • CG

• Tabby 🔦

  • install

• Theory

  • Static Analysis

    • Intro

    • IR & CFG

    • DFA

    • DFA-Foundation

    • Interprocedural Analysis

    • Pointer Analysis

    • Pointer Analysis Foundation

    • PTA-Context Sensitivity

    • Taint Anlysis

    • Datalog