├── .DS_Store ├── 1.java反射机制.md ├── 10.jmx安全问题.md ├── 14.XXE之DocumentBuilder.md ├── 15.XXE之XML解析常用库的使用案例.md ├── 16.XXE之setFeature防御.md ├── 17.XMLDecoder反序列化.md ├── 18.Weblogic之XMLDecoder反序列化1_CVE-2017-3506.md ├── 2.java序列化与反序列化.md ├── 3. apache commons-collections中的反序列化.md ├── 4.Apache Dubbo反序列化漏洞分析.md ├── 4.log4j的反序列化.md ├── 5.IDEA调试技巧1.md ├── 5.IDEA调试技巧2——远程调试.md ├── 6.java rmi基础.md ├── 7.攻击rmi的方式.md ├── 8.jndi注入.md ├── 9.fastjson-1.2.24反序列化漏洞.md ├── AMF3反序列化.md ├── LICENSE ├── README.md ├── SnakeYaml反序列化.md ├── XStream反序列化.md ├── attack_rmi ├── 1091.png ├── client.png ├── exp.png ├── port.png └── server.png ├── class_loading ├── 20211012182331.png └── 20211013113646.png ├── class_structure ├── .DS_Store ├── 20210927181830.png ├── 20210927184848.png ├── 20210927185118.png ├── 20210927185136.png ├── 20210927185149.png ├── 20210928141617.png ├── 20210928143118.png ├── 20210928143416.png ├── 20210928150326.png ├── 20210928151257.png ├── 20210928152229.png ├── 20210928152552.png ├── 20210928153453.png ├── 20210928153829.png ├── 20210928154322.png ├── 20210928155930.png ├── 20210928161817.png ├── 20210928162057.png ├── 20210928162239.png ├── 20210928163114.png ├── 20210928164339.png ├── 20210928164924.png ├── 20210928165505.png ├── 20210928170036.png ├── 20210928171115.png ├── 20210928172228.png ├── 20210928172336.png ├── 20210929150126.png ├── 20210929161459.png ├── 20210929161945.png ├── 20210929162344.png ├── 20210929162858.png └── 20210929164838.png ├── debug_tricks ├── error.png ├── error_console.png ├── httpha.png ├── idea_debug.png ├── idea_source.png ├── jd-gui.png └── source_debug.png ├── debug_tricks2 ├── 1.png ├── 2.png ├── 3.png ├── debug.png ├── debug_port.png ├── first.png ├── forth.png ├── second.png └── third.png ├── dubbo_unser ├── Httprequesthandler.png ├── aced0005.png ├── burp.png ├── calc.png ├── http_provider.png ├── httpinvoker.png ├── impl.png ├── pom.png └── spring_web.png ├── dynamic_proxy ├── Pasted image 20211231165426.png └── proxy.jpeg ├── fastjson1224 ├── calc.png ├── json.png ├── json_to_obj.png └── type.png ├── hotspot ├── 20211011185001.png ├── 20211011185009.png └── 20211011185648.png ├── java动态代理.md ├── jmx ├── calc.png ├── jconsole.png ├── mlet.png ├── sayhello.png └── server1.png ├── jndi ├── api.png ├── client.png ├── demo.png ├── http.png ├── jndi.jpeg ├── jndi_inj.png ├── jndi_spi.png ├── rmi_codebase.png └── server.png ├── jvm-Class文件的结构.md ├── jvm-hotspot虚拟机对象探秘.md ├── jvm-字节码指令.md ├── jvm-类加载机制.md ├── jvm内存区域.md ├── log4j_unser ├── idea.png ├── main.png ├── socketnode.png ├── wireshark.png ├── wireshark2.png └── wireshark3.png ├── reflect ├── all.png └── invoke.png ├── rmi ├── project.png ├── res.png ├── rmi.png └── rmi2.png ├── ser_example1 ├── checksetValue.png ├── factory.png ├── last_wireshark.png ├── membervalues.png ├── poc2.png ├── transformedmap.png ├── transformedmap2.png ├── transformer.png ├── var.png ├── wireshark.png ├── wireshark2.png └── wireshark3.png ├── serialization ├── custom_readobject.png ├── ser.png ├── wireshark.png └── xxd.png ├── storage_structure ├── 20211013174349.png └── 20211014154051.png ├── tomcat ajp任意文件包含漏洞分析.md ├── tomcat_ajp_lfi ├── ajp.png ├── calc.png ├── poc.png └── req_attribute.png ├── weblogic_xmldecoder ├── calc.png ├── exp_chain.png ├── header.png ├── var3.png └── var4.png ├── wechat.png ├── xmldecoder ├── calc.png └── console.png ├── xxe1 ├── saxparser.png ├── win_ini.png ├── xxe_data.png └── xxe_defence.png └── xxe_patch ├── doctype.png ├── ext_general.png ├── ext_para.png └── ext_para1.png /.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/.DS_Store -------------------------------------------------------------------------------- /1.java反射机制.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/1.java反射机制.md -------------------------------------------------------------------------------- /10.jmx安全问题.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/10.jmx安全问题.md -------------------------------------------------------------------------------- /14.XXE之DocumentBuilder.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/14.XXE之DocumentBuilder.md -------------------------------------------------------------------------------- /15.XXE之XML解析常用库的使用案例.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/15.XXE之XML解析常用库的使用案例.md -------------------------------------------------------------------------------- /16.XXE之setFeature防御.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/16.XXE之setFeature防御.md -------------------------------------------------------------------------------- /17.XMLDecoder反序列化.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/17.XMLDecoder反序列化.md -------------------------------------------------------------------------------- /18.Weblogic之XMLDecoder反序列化1_CVE-2017-3506.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/18.Weblogic之XMLDecoder反序列化1_CVE-2017-3506.md -------------------------------------------------------------------------------- /2.java序列化与反序列化.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/2.java序列化与反序列化.md -------------------------------------------------------------------------------- /3. apache commons-collections中的反序列化.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/3. apache commons-collections中的反序列化.md -------------------------------------------------------------------------------- /4.Apache Dubbo反序列化漏洞分析.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/4.Apache Dubbo反序列化漏洞分析.md -------------------------------------------------------------------------------- /4.log4j的反序列化.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/4.log4j的反序列化.md -------------------------------------------------------------------------------- /5.IDEA调试技巧1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/5.IDEA调试技巧1.md -------------------------------------------------------------------------------- /5.IDEA调试技巧2——远程调试.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/5.IDEA调试技巧2——远程调试.md -------------------------------------------------------------------------------- /6.java rmi基础.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/6.java rmi基础.md -------------------------------------------------------------------------------- /7.攻击rmi的方式.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/7.攻击rmi的方式.md -------------------------------------------------------------------------------- /8.jndi注入.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/8.jndi注入.md -------------------------------------------------------------------------------- /9.fastjson-1.2.24反序列化漏洞.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/9.fastjson-1.2.24反序列化漏洞.md -------------------------------------------------------------------------------- /AMF3反序列化.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/README.md -------------------------------------------------------------------------------- /SnakeYaml反序列化.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /XStream反序列化.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /attack_rmi/1091.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/attack_rmi/1091.png -------------------------------------------------------------------------------- /attack_rmi/client.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/attack_rmi/client.png -------------------------------------------------------------------------------- /attack_rmi/exp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/attack_rmi/exp.png -------------------------------------------------------------------------------- /attack_rmi/port.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/attack_rmi/port.png -------------------------------------------------------------------------------- /attack_rmi/server.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/attack_rmi/server.png -------------------------------------------------------------------------------- /class_loading/20211012182331.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_loading/20211012182331.png -------------------------------------------------------------------------------- /class_loading/20211013113646.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_loading/20211013113646.png -------------------------------------------------------------------------------- /class_structure/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/.DS_Store -------------------------------------------------------------------------------- /class_structure/20210927181830.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210927181830.png -------------------------------------------------------------------------------- /class_structure/20210927184848.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210927184848.png -------------------------------------------------------------------------------- /class_structure/20210927185118.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210927185118.png -------------------------------------------------------------------------------- /class_structure/20210927185136.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210927185136.png -------------------------------------------------------------------------------- /class_structure/20210927185149.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210927185149.png -------------------------------------------------------------------------------- /class_structure/20210928141617.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210928141617.png -------------------------------------------------------------------------------- /class_structure/20210928143118.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210928143118.png -------------------------------------------------------------------------------- /class_structure/20210928143416.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210928143416.png -------------------------------------------------------------------------------- /class_structure/20210928150326.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210928150326.png -------------------------------------------------------------------------------- /class_structure/20210928151257.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210928151257.png -------------------------------------------------------------------------------- /class_structure/20210928152229.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210928152229.png -------------------------------------------------------------------------------- /class_structure/20210928152552.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210928152552.png -------------------------------------------------------------------------------- /class_structure/20210928153453.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210928153453.png -------------------------------------------------------------------------------- /class_structure/20210928153829.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210928153829.png -------------------------------------------------------------------------------- /class_structure/20210928154322.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210928154322.png -------------------------------------------------------------------------------- /class_structure/20210928155930.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210928155930.png -------------------------------------------------------------------------------- /class_structure/20210928161817.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210928161817.png -------------------------------------------------------------------------------- /class_structure/20210928162057.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210928162057.png -------------------------------------------------------------------------------- /class_structure/20210928162239.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210928162239.png -------------------------------------------------------------------------------- /class_structure/20210928163114.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210928163114.png -------------------------------------------------------------------------------- /class_structure/20210928164339.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210928164339.png -------------------------------------------------------------------------------- /class_structure/20210928164924.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210928164924.png -------------------------------------------------------------------------------- /class_structure/20210928165505.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210928165505.png -------------------------------------------------------------------------------- /class_structure/20210928170036.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210928170036.png -------------------------------------------------------------------------------- /class_structure/20210928171115.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210928171115.png -------------------------------------------------------------------------------- /class_structure/20210928172228.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210928172228.png -------------------------------------------------------------------------------- /class_structure/20210928172336.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210928172336.png -------------------------------------------------------------------------------- /class_structure/20210929150126.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210929150126.png -------------------------------------------------------------------------------- /class_structure/20210929161459.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210929161459.png -------------------------------------------------------------------------------- /class_structure/20210929161945.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210929161945.png -------------------------------------------------------------------------------- /class_structure/20210929162344.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210929162344.png -------------------------------------------------------------------------------- /class_structure/20210929162858.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210929162858.png -------------------------------------------------------------------------------- /class_structure/20210929164838.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/class_structure/20210929164838.png -------------------------------------------------------------------------------- /debug_tricks/error.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/debug_tricks/error.png -------------------------------------------------------------------------------- /debug_tricks/error_console.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/debug_tricks/error_console.png -------------------------------------------------------------------------------- /debug_tricks/httpha.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/debug_tricks/httpha.png -------------------------------------------------------------------------------- /debug_tricks/idea_debug.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/debug_tricks/idea_debug.png -------------------------------------------------------------------------------- /debug_tricks/idea_source.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/debug_tricks/idea_source.png -------------------------------------------------------------------------------- /debug_tricks/jd-gui.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/debug_tricks/jd-gui.png -------------------------------------------------------------------------------- /debug_tricks/source_debug.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/debug_tricks/source_debug.png -------------------------------------------------------------------------------- /debug_tricks2/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/debug_tricks2/1.png -------------------------------------------------------------------------------- /debug_tricks2/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/debug_tricks2/2.png -------------------------------------------------------------------------------- /debug_tricks2/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/debug_tricks2/3.png -------------------------------------------------------------------------------- /debug_tricks2/debug.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/debug_tricks2/debug.png -------------------------------------------------------------------------------- /debug_tricks2/debug_port.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/debug_tricks2/debug_port.png -------------------------------------------------------------------------------- /debug_tricks2/first.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/debug_tricks2/first.png -------------------------------------------------------------------------------- /debug_tricks2/forth.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/debug_tricks2/forth.png -------------------------------------------------------------------------------- /debug_tricks2/second.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/debug_tricks2/second.png -------------------------------------------------------------------------------- /debug_tricks2/third.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/debug_tricks2/third.png -------------------------------------------------------------------------------- /dubbo_unser/Httprequesthandler.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/dubbo_unser/Httprequesthandler.png -------------------------------------------------------------------------------- /dubbo_unser/aced0005.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/dubbo_unser/aced0005.png -------------------------------------------------------------------------------- /dubbo_unser/burp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/dubbo_unser/burp.png -------------------------------------------------------------------------------- /dubbo_unser/calc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/dubbo_unser/calc.png -------------------------------------------------------------------------------- /dubbo_unser/http_provider.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/dubbo_unser/http_provider.png -------------------------------------------------------------------------------- /dubbo_unser/httpinvoker.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/dubbo_unser/httpinvoker.png -------------------------------------------------------------------------------- /dubbo_unser/impl.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/dubbo_unser/impl.png -------------------------------------------------------------------------------- /dubbo_unser/pom.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/dubbo_unser/pom.png -------------------------------------------------------------------------------- /dubbo_unser/spring_web.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/dubbo_unser/spring_web.png -------------------------------------------------------------------------------- /dynamic_proxy/Pasted image 20211231165426.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/dynamic_proxy/Pasted image 20211231165426.png -------------------------------------------------------------------------------- /dynamic_proxy/proxy.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/dynamic_proxy/proxy.jpeg -------------------------------------------------------------------------------- /fastjson1224/calc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/fastjson1224/calc.png -------------------------------------------------------------------------------- /fastjson1224/json.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/fastjson1224/json.png -------------------------------------------------------------------------------- /fastjson1224/json_to_obj.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/fastjson1224/json_to_obj.png -------------------------------------------------------------------------------- /fastjson1224/type.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/fastjson1224/type.png -------------------------------------------------------------------------------- /hotspot/20211011185001.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/hotspot/20211011185001.png -------------------------------------------------------------------------------- /hotspot/20211011185009.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/hotspot/20211011185009.png -------------------------------------------------------------------------------- /hotspot/20211011185648.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/hotspot/20211011185648.png -------------------------------------------------------------------------------- /java动态代理.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/java动态代理.md -------------------------------------------------------------------------------- /jmx/calc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/jmx/calc.png -------------------------------------------------------------------------------- /jmx/jconsole.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/jmx/jconsole.png -------------------------------------------------------------------------------- /jmx/mlet.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/jmx/mlet.png -------------------------------------------------------------------------------- /jmx/sayhello.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/jmx/sayhello.png -------------------------------------------------------------------------------- /jmx/server1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/jmx/server1.png -------------------------------------------------------------------------------- /jndi/api.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/jndi/api.png -------------------------------------------------------------------------------- /jndi/client.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/jndi/client.png -------------------------------------------------------------------------------- /jndi/demo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/jndi/demo.png -------------------------------------------------------------------------------- /jndi/http.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/jndi/http.png -------------------------------------------------------------------------------- /jndi/jndi.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/jndi/jndi.jpeg -------------------------------------------------------------------------------- /jndi/jndi_inj.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/jndi/jndi_inj.png -------------------------------------------------------------------------------- /jndi/jndi_spi.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/jndi/jndi_spi.png -------------------------------------------------------------------------------- /jndi/rmi_codebase.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/jndi/rmi_codebase.png -------------------------------------------------------------------------------- /jndi/server.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/jndi/server.png -------------------------------------------------------------------------------- /jvm-Class文件的结构.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/jvm-Class文件的结构.md -------------------------------------------------------------------------------- /jvm-hotspot虚拟机对象探秘.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/jvm-hotspot虚拟机对象探秘.md -------------------------------------------------------------------------------- /jvm-字节码指令.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/jvm-字节码指令.md -------------------------------------------------------------------------------- /jvm-类加载机制.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/jvm-类加载机制.md -------------------------------------------------------------------------------- /jvm内存区域.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/jvm内存区域.md -------------------------------------------------------------------------------- /log4j_unser/idea.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/log4j_unser/idea.png -------------------------------------------------------------------------------- /log4j_unser/main.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/log4j_unser/main.png -------------------------------------------------------------------------------- /log4j_unser/socketnode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/log4j_unser/socketnode.png -------------------------------------------------------------------------------- /log4j_unser/wireshark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/log4j_unser/wireshark.png -------------------------------------------------------------------------------- /log4j_unser/wireshark2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/log4j_unser/wireshark2.png -------------------------------------------------------------------------------- /log4j_unser/wireshark3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/log4j_unser/wireshark3.png -------------------------------------------------------------------------------- /reflect/all.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/reflect/all.png -------------------------------------------------------------------------------- /reflect/invoke.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/reflect/invoke.png -------------------------------------------------------------------------------- /rmi/project.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/rmi/project.png -------------------------------------------------------------------------------- /rmi/res.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/rmi/res.png -------------------------------------------------------------------------------- /rmi/rmi.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/rmi/rmi.png -------------------------------------------------------------------------------- /rmi/rmi2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/rmi/rmi2.png -------------------------------------------------------------------------------- /ser_example1/checksetValue.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/ser_example1/checksetValue.png -------------------------------------------------------------------------------- /ser_example1/factory.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/ser_example1/factory.png -------------------------------------------------------------------------------- /ser_example1/last_wireshark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/ser_example1/last_wireshark.png -------------------------------------------------------------------------------- /ser_example1/membervalues.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/ser_example1/membervalues.png -------------------------------------------------------------------------------- /ser_example1/poc2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/ser_example1/poc2.png -------------------------------------------------------------------------------- /ser_example1/transformedmap.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/ser_example1/transformedmap.png -------------------------------------------------------------------------------- /ser_example1/transformedmap2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/ser_example1/transformedmap2.png -------------------------------------------------------------------------------- /ser_example1/transformer.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/ser_example1/transformer.png -------------------------------------------------------------------------------- /ser_example1/var.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/ser_example1/var.png -------------------------------------------------------------------------------- /ser_example1/wireshark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/ser_example1/wireshark.png -------------------------------------------------------------------------------- /ser_example1/wireshark2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/ser_example1/wireshark2.png -------------------------------------------------------------------------------- /ser_example1/wireshark3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/ser_example1/wireshark3.png -------------------------------------------------------------------------------- /serialization/custom_readobject.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/serialization/custom_readobject.png -------------------------------------------------------------------------------- /serialization/ser.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/serialization/ser.png -------------------------------------------------------------------------------- /serialization/wireshark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/serialization/wireshark.png -------------------------------------------------------------------------------- /serialization/xxd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/serialization/xxd.png -------------------------------------------------------------------------------- /storage_structure/20211013174349.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/storage_structure/20211013174349.png -------------------------------------------------------------------------------- /storage_structure/20211014154051.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/storage_structure/20211014154051.png -------------------------------------------------------------------------------- /tomcat ajp任意文件包含漏洞分析.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/tomcat ajp任意文件包含漏洞分析.md -------------------------------------------------------------------------------- /tomcat_ajp_lfi/ajp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/tomcat_ajp_lfi/ajp.png -------------------------------------------------------------------------------- /tomcat_ajp_lfi/calc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/tomcat_ajp_lfi/calc.png -------------------------------------------------------------------------------- /tomcat_ajp_lfi/poc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/tomcat_ajp_lfi/poc.png -------------------------------------------------------------------------------- /tomcat_ajp_lfi/req_attribute.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/tomcat_ajp_lfi/req_attribute.png -------------------------------------------------------------------------------- /weblogic_xmldecoder/calc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/weblogic_xmldecoder/calc.png -------------------------------------------------------------------------------- /weblogic_xmldecoder/exp_chain.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/weblogic_xmldecoder/exp_chain.png -------------------------------------------------------------------------------- /weblogic_xmldecoder/header.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/weblogic_xmldecoder/header.png -------------------------------------------------------------------------------- /weblogic_xmldecoder/var3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/weblogic_xmldecoder/var3.png -------------------------------------------------------------------------------- /weblogic_xmldecoder/var4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/weblogic_xmldecoder/var4.png -------------------------------------------------------------------------------- /wechat.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/wechat.png -------------------------------------------------------------------------------- /xmldecoder/calc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/xmldecoder/calc.png -------------------------------------------------------------------------------- /xmldecoder/console.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/xmldecoder/console.png -------------------------------------------------------------------------------- /xxe1/saxparser.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/xxe1/saxparser.png -------------------------------------------------------------------------------- /xxe1/win_ini.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/xxe1/win_ini.png -------------------------------------------------------------------------------- /xxe1/xxe_data.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/xxe1/xxe_data.png -------------------------------------------------------------------------------- /xxe1/xxe_defence.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/xxe1/xxe_defence.png -------------------------------------------------------------------------------- /xxe_patch/doctype.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/xxe_patch/doctype.png -------------------------------------------------------------------------------- /xxe_patch/ext_general.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/xxe_patch/ext_general.png -------------------------------------------------------------------------------- /xxe_patch/ext_para.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/xxe_patch/ext_para.png -------------------------------------------------------------------------------- /xxe_patch/ext_para1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Maskhe/javasec/HEAD/xxe_patch/ext_para1.png --------------------------------------------------------------------------------