Content-Type Research

CVE-2017-12149 jboss反序列化 可回显

Apache Shiro 反序列化漏洞检测与利用工具

Supplemental templates for securing the cloud.

Reverse proxies cheatsheet

Grafana Unauthorized arbitrary file reading vulnerability

開源的正體中文 Web Hacking 學習資源 - 程式安全 2021 Fall

There is no pre-auth RCE in Jenkins since May 2017, but this is the one!

Collection of CTF Web challenges I made

Collections of Orange Tsai's public presentation slides.

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wis…

Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!

A walkthrough of security controls for a serverless architecture via a demo application

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

域控安全one for all

Linux EDR written in Golang and based on eBPF.

Redis 漏洞利用工具

收集的文章 https://mrwq.github.io/tools/paper/

Proof of concept code for Datadog Security Labs referenced exploits.

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

🛠 Knowledge about the topic of x86 assembly & disassembly 🛠

JNDI-Exploitation-Kit（A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps v…

JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）

😎 Awesome lists about all kinds of interesting topics

A curated list of resources for learning about application security

Java反序列化漏洞利用工具V1.0 Java反序列化相关漏洞的检查工具，采用JDK 1.8+NetBeans8.2开发，软件运行必须安装JDK 1.8或者以上版本。 支持：weblogic xml反序列化漏洞 CVE-2017-10271/CNVD-C-2019-48814/CVE-2019-2725检查。

XStream相关漏洞POC及分析复现环境

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

一些关于渗透测试的Tips