Linking pages
- What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability. http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ 175 comments
- This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits | Mandiant https://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html 35 comments
- State of Pentesting 2020 – Sec Team Blog https://blog.scrt.ch/2020/12/28/state-of-pentesting-2020/ 20 comments
- Unsafe deserialization in SnakeYaml - Exploring CVE-2022-1471 | Snyk https://snyk.io/blog/unsafe-deserialization-snakeyaml-java-cve-2022-1471/ 18 comments
- GitHub - gquere/pwn_jenkins: Notes about attacking Jenkins servers https://github.com/gquere/pwn_jenkins 13 comments
- Java Deserialization — From Discovery to Reverse Shell on Limited Environments | by Francesco Soncina (phra) | ABN AMRO — Red Team | Medium https://medium.com/abn-amro-red-team/java-deserialization-from-discovery-to-reverse-shell-on-limited-environments-2e7b4e14fbef 12 comments
- Tricking blind Java deserialization for a treat – Security Café https://securitycafe.ro/2017/11/03/tricking-java-serialization-for-a-treat/ 12 comments
- GitHub - jerrinot/log4shell-ldap: A tool for checking log4shell vulnerability mitigations https://github.com/jerrinot/log4shell-ldap/ 10 comments
- POC or Stop The Calc Popping Videos – CVE-2017-9830 – CVE-2019-7839 – Securifera https://www.securifera.com/blog/2019/08/03/poc-or-stop-the-calc-popping-videos-cve-2017-9830-cve-2019-7839/ 9 comments
- Busting Cisco's Beans :: Hardcoding Your Way to Hell https://srcincite.io/blog/2020/01/14/busting-ciscos-beans-hardcoding-your-way-to-hell.html 7 comments
- OpenJDK Discusses Post-SecurityManager Practices https://www.infoq.com/news/2021/06/openjdk-post-securitymanager/ 4 comments
- GitHub - pimps/JNDI-Exploit-Kit: JNDI-Exploitation-Kit(A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection) https://github.com/pimps/JNDI-Exploit-Kit 4 comments
- Arkham - Chad Porter https://blog.chadp.me/posts/htb-arkham 3 comments
- GitHub - ambionics/phpggc: PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically. https://github.com/ambionics/phpggc 3 comments
- Log4Shell - different avenues of exploitation https://olexvel.substack.com/p/log4shell-different-avenues-of-exploitation 3 comments
- GitHub - qtc-de/remote-method-guesser: Java RMI Vulnerability Scanner https://github.com/qtc-de/remote-method-guesser 1 comment
- Java applet + serialization in 2024! What could go wrong? - hn security https://security.humanativaspa.it/java-applet-serialization-in-2024-what-could-go-wrong/ 1 comment
- Extending Burp Suite for fun and profit - The Montoya way - Part 7 - hn security https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-7/ 1 comment
- Great Time at JavaZone 2022 - DEV Community 👩💻👨💻 https://dev.to/codenameone/great-time-at-javazone-2022-43p8 0 comments
- Exploiting VLAN Double Tagging | NotSoSecure https://www.notsosecure.com/exploiting-vlan-double-tagging/ 0 comments