1 Repo
Techniques for matching payload dependencies with the target application's classpath to ensure successful exploitation.
Distinct from Dependency Injection: Distinct from Dependency Injection: this is about aligning external library versions for exploit compatibility, not architectural decoupling.
Explore 1 awesome GitHub repository matching security & cryptography · Classpath Payload Alignment. Refine with filters or upvote what's useful.
ysoserial is a security research tool and payload generator designed to identify and exploit insecure Java deserialization. It functions as a framework for creating malicious serialized objects that can trigger remote code execution on Java virtual machines. The project provides a library of known gadget chains, which are sequences of vulnerable class calls that achieve arbitrary command execution during the deserialization process. It automates the generation of these payloads by leveraging common third-party libraries. The tool covers capabilities for security penetration testing, Java app
Bundles specific versions of third-party libraries to ensure generated payloads match the target application's classpath.