Posted 2020-02-14Updated 2020-07-11web security17 minutes read (About 2621 words)Java原生序列化与反序列化代码简要分析写这篇文章目的主要在于进一步理解何为java原生反序列化,并且回答如下的几个问题。Read more
Posted 2020-01-31Updated 2020-07-11web security11 minutes read (About 1576 words)CAS的搭建及认证流程分析与比较CAS是一个单点登录(Single Sign On,简称SSO,SSO使得在多个应用系统中,用户只需要登录一次就可以访问所有相互信任的应用系统。)框架,开始是由耶鲁大学的一个组织开发,后来归到apereo去管。Read more
Posted 2020-01-22Updated 2020-07-11web security11 minutes read (About 1699 words)Java中双亲委派相关知识梳理在反序列化的学习过程中总是不可回避碰到这个点,这次就来简单看看。Read more
Posted 2020-01-11Updated 2020-07-11web security20 minutes read (About 3047 words)Java Runtime.getRuntime().exec由表及里这篇文章主要目的在于学习前人文章,并从更深入一点的角度探讨为什么Runtime.getRuntime().exec某些时候会失效这个问题。Read more
Posted 2020-01-03Updated 2020-07-11web security11 minutes read (About 1702 words)Hessian 序列化代码分析及业务场景学习Hessian是一个轻量级的remotingonhttp工具,使用简单的方法提供了RMI的功能Read more
Posted 2019-12-31Updated 2020-07-11web security4 minutes read (About 528 words)JAVA JNI 执行命令与调试JNI是Java Native Interface的缩写,利用它可以在比较底层的位置执行命令。Read more
Posted 2019-12-19Updated 2020-07-11windows security3 minutes read (About 473 words)Using Java's SSRF vulnerability rce via ntlm relay绕过 MS16-075 和 MIC校验进行ntlm relayRead more
Posted 2019-11-29Updated 2020-07-11web security5 minutes read (About 694 words)记一次调试Commons Collections5遇到的小坑故事的起因是学弟来问我为什么在调Commons Collections5的时候,还没有走到触发点就触发了RCE。Read more
Posted 2019-10-09Updated 2024-08-11web security14 minutes read (About 2034 words)s2-001 代码分析s2-001 代码分析Read more
Posted 2019-10-02Updated 2020-07-11web security22 minutes read (About 3248 words)fastjson 反序列化流程硬核跟踪fastjson用于将Java Bean序列化为JSON字符串,也可以从JSON字符串反序列化到JavaBean。Read more
2024-10-09APT溯源图构建-论文阅读第二篇-BEEP-High Accuracy Attack Provenance via Binary-based Execution Partitionredteam
2024-10-05APT溯源图构建-论文阅读第一篇-HOLMES: Real-time APT Detection through Correlation of Suspicious Information Flowsredteam