Java Security Learning Notes -- a simple analysis of the source code of the HashMap class used by deserialization chains

Preface: The HashSet and Hashtable used by both the CC6 and CC7 chains of the ysoserial deserialization vulnerability exploitation tool are hash-table-based data storage structures. When it comes to hash tables, the HashMap class is the most used hash table storage structure in Java. At the same time, the HashMap class is also the underlying implementation ...

Added by jek1134 on Tue, 25 Jan 2022 19:30:32 +0200

Cobalt Strike: penetration within the domain

Solemn declaration: This note is prepared only for the purpose of improving security knowledge and sharing security knowledge with more people. Do not use the technology in the note for illegal activities. The consequences caused by using the technology in the note have nothing to do with the author himself. We advocate that everyone is responsible f ...

Added by silvrfoxx on Tue, 25 Jan 2022 18:08:38 +0200

Why is ConcurrentHashMap thread safe?

ConcurrentHashMap is a multi-threaded version of HashMap. HashMap has various problems under concurrent operation, such as infinite loops, data overwrites and so on. These problems can be perfectly solved by using ConcurrentHashMap. So here is the question: how does ConcurrentHashMap ensure thread safety? How is it implemented under the hood? Nex ...

Added by bad_gui on Tue, 25 Jan 2022 17:40:56 +0200

Flutter introductory series - Flutter null safety

What is null safety? Under what circumstances is null safety used? What version? Since Flutter 2, Flutter has enabled null safety by default in the configuration. By incorporating null checking into the type system, these errors can be caught during the development process, so as to prevent the crash caused by the reproduction ...

Added by mullz on Tue, 25 Jan 2022 10:47:47 +0200

Deploying the JumpServer bastion host -- Docker mode

1. Introduction to JumpServer: JumpServer is the world's first open source bastion host, developed and open-sourced by FIT2CLOUD. A "bastion host" is also called an operation and maintenance security audit system. The core function of JumpServer is 4A. It uses the GNU GPL v2.0 open source license, which is ...

Added by SEVIZ on Tue, 25 Jan 2022 09:52:54 +0200

Skillfully using code to deal with the number of increment detection returns

Problem discovery: Once, when writing a PoC plug-in for an arbitrary file read, the author found that the vulnerability could easily be reproduced using Burp's request replay function, but the *.py script written in Python could not successfully output a success result. Looking at the Python script again, I fell into a long ...

Added by Dale on Mon, 24 Jan 2022 21:31:56 +0200

Java Security Learning Notes -- deserialization vulnerability exploitation chain CC6

Test environment: jdk1.8 (jdk8u71), Commons Collections4.0. HashSet: HashSet uses the hash table data structure. The time complexity of adding, deleting, modifying and querying is O(1). Set is a set. The elements are not added in order, and there will be no duplicate elements in the set. Combined with this, we can roughly know the ...

Added by 2DaysAway on Mon, 24 Jan 2022 15:14:16 +0200

Why is ConcurrentHashMap thread safe?

ConcurrentHashMap is a multi-threaded version of HashMap. HashMap has various problems under concurrent operation, such as infinite loops, data overwrites and so on. These problems can be perfectly solved by using ConcurrentHashMap. So here is the question: how does ConcurrentHashMap ensure thread safety? How is it implemented under the hood? ...

Added by cabldawg on Mon, 24 Jan 2022 07:42:04 +0200

Java deserialization vulnerability: Apache Commons Collections

WeChat official account: Black palm. A blogger who focuses on sharing network security, hot topics in the hacker community and hacker tools and techniques! Preface: Recently, I calmed down and read a lot of experts' notes and blogs. I have gained a lot, so I'd like to record the first ...

Added by messer on Sun, 23 Jan 2022 23:39:34 +0200

Great God forum reverse engineering and unpacking analysis, basic learning notes 3: general registers and memory reading and writing

This article is the third of my study notes on reverse engineering, cracking and unpacking in the great God forum. It is my review and summary of what I have learned in the past. There may be errors; you are welcome to point them out. Notes will be released one after another, hoping to help newcomers who want to get started, so that we can make progress together. 32-bit gener ...

Added by monkeytooth on Sun, 23 Jan 2022 09:03:17 +0200