2 Repos
Study of how libraries can be chained together to trigger unintended behavior on target systems.
Distinct from Remote Code Execution Mitigations: Distinct from mitigations or hardware execution: focuses on the research of chaining software libraries for RCE.
Explore 2 awesome GitHub repositories matching security & cryptography · Remote Code Execution Research. Refine with filters or upvote what's useful.
ysoserial is a security research tool and payload generator designed to identify and exploit insecure Java deserialization. It functions as a framework for creating malicious serialized objects that can trigger remote code execution on Java virtual machines. The project provides a library of known gadget chains, which are sequences of vulnerable class calls that achieve arbitrary command execution during the deserialization process. It automates the generation of these payloads by leveraging common third-party libraries. The tool covers capabilities for security penetration testing, Java app
Studies how common Java libraries can be chained together to trigger unintended behavior on a target system.
Marshalsec is a toolkit designed for generating malicious serialized Java objects to achieve remote code execution during the unmarshalling process. It functions as a Java deserialization exploit tool and a framework for triggering Java Naming and Directory Interface lookups to remote servers. The project provides a JNDI redirector service that intercepts lookups and points targets toward a remote codebase. It includes utilities for crafting payloads that force Java applications to download and execute arbitrary classes from a remote URL. The toolset covers security analysis activities inclu
Researches how libraries can be chained together to trigger unintended behavior and RCE on target systems.