OpenRASP


Last updated 7 months ago


👋Hi There! This is a repository to record my study of Java Security

⭐I'd appreciate you lighting up the star (if you like this repository🙂)

repository: https://github.com/p4d0rn/Java_Zoo

gitbook: https://p4d0rn.gitbook.io/java

OpenJDK: https://hg.openjdk.org/jdk8u/jdk8u/jdk/tags


Table of contents

  • About This Book

🍖Prerequisites

  • Reflection
    • Basic Use of Reflection
    • Reflection Bypass on Newer JDK Versions
    • Command Execution via Reflection
    • Constructing a HashMap via Reflection
    • Method Handles
  • Class Loading
    • Dynamically Loading Bytecode
    • Parent Delegation Model
    • BCEL
    • SPI
  • RMI & JNDI
    • RPC Intro
    • RMI
    • JEP 290
    • JNDI
  • Misc
    • Unsafe
    • Proxy Pattern
    • JMX
    • JDWP
    • JPDA
    • JVMTI
    • JNA
    • Java Security Manager

👻Serial Journey

  • URLDNS
  • SerialVersionUID
  • Commons Collection 🥏
    • CC1-TransformedMap
    • CC1-LazyMap
    • CC6
    • CC3
    • CC2
  • FastJson 🪁
    • FastJson-Basic Usage
    • FastJson-TemplatesImpl
    • FastJson-JdbcRowSetImpl
    • FastJson-BasicDataSource
    • FastJson-ByPass
    • FastJson and Native Deserialization (Part 1)
    • FastJson and Native Deserialization (Part 2)
    • Native Deserialization Exploitation with Jackson
  • Other Components
    • SnakeYaml
    • C3P0
    • AspectJWeaver
    • Rome
    • Spring
    • Hessian
    • Hessian_Only_JDK
    • Kryo
    • Dubbo

🌵RASP

  • JavaAgent
  • JVM
  • ByteCode
  • JNI
  • ASM 🪡
    • ASM Intro
    • Class Generation
    • Class Transformation
  • Defending Against Command Execution with RASP
  • OpenRASP

🐎Memory Shell

  • Tomcat-Architecture
  • Servlet API
    • Listener
    • Filter
    • Servlet
  • Tomcat-Middlewares
    • Tomcat-Valve
    • Tomcat-Executor
    • Tomcat-Upgrade
  • Agent MemShell
  • WebSocket
  • Memory Shell Detection and Removal
  • Debugging Tomcat Locally in IDEA

✂️JDBC Attack

  • MySQL JDBC Attack
  • H2 JDBC Attack

🎨Templates

  • FreeMarker
  • Thymeleaf
  • Enjoy

🎏MessageQueue

  • ActiveMQ CNVD-2023-69477
  • AMQP CVE-2023-34050
  • Spring-Kafka CVE-2023-34040
  • RocketMQ CVE-2023-33246

🛡️Shiro

  • Shiro Intro
  • Request URI ByPass
  • Context Path ByPass
  • Remember Me Deserialization CC-Shiro
  • CB1 and Deserialization Chains Without the CC Dependency

🍺Others

  • Deserialization Twice
  • A New Blazer 4 getter RCE
  • Apache Commons Jxpath
  • El Attack
  • Spel Attack
  • JNDI Approach for C3P0 Native Deserialization
  • Log4j
  • Echo Tech
    • SpringBoot Under Tomcat
  • CTF 🚩
    • Great Wall Cup - b4bycoffee (ROME Deserialization)
    • MTCTF2022 (CB + Shiro Bypass)
    • CISCN 2023 Southwest Division Semifinals (Hessian JDK-Only + Kryo Deserialization)
    • CISCN 2023 Preliminary (Exploiting Other Dependencies Under Newer Commons Collections Versions)
    • CISCN 2021 Finals ezj4va (AspectJWeaver Writing a Bytecode File to the Classpath)
    • D^3CTF2023 (New Getter + Newer-JDK JNDI Without Outbound Network + Hessian Exception toString)
    • WMCTF2023 (CC Chain Variations + Blind File Read)
    • 6th Anxun Cup Cybersecurity Challenge (CB PriorityQueue Replacement + Postgresql JDBC Attack + FreeMarker)

🔍Code Inspector

  • CodeQL 🧶
    • Tutorial
      • Intro
      • Module
      • Predicate
      • Query
      • Type
    • CodeQL 4 Java
      • Basics
      • DFA
      • Example
  • SootUp ✨
    • Intro
    • Jimple
    • DFA
    • CG
  • Tabby 🔦
    • install
  • Theory
    • Static Analysis
      • Intro
      • IR & CFG
      • DFA
      • DFA-Foundation
      • Interprocedural Analysis
      • Pointer Analysis
      • Pointer Analysis Foundation
      • PTA-Context Sensitivity
      • Taint Analysis
      • Datalog