René's URL Explorer Experiment


Title: GitHub - 1diot9/MyJavaSecStudy: Notes and code from learning Java security

Description: Notes and code from learning Java security. Contribute to 1diot9/MyJavaSecStudy development by creating an account on GitHub.

Opengraph URL: https://github.com/1diot9/MyJavaSecStudy

Domain: patch-diff.githubusercontent.com

Links:

1diot9 https://patch-diff.githubusercontent.com/1diot9
MyJavaSecStudy https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy
1diot9.github.io https://1diot9.github.io
77 stars https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy/stargazers
14 forks https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy/forks
69 Commits https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy/commits/main/
CodeAudit https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy/tree/main/CodeAudit
JDBC https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy/tree/main/JDBC
JNDI https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy/tree/main/JNDI
JavaSecurityManager/JavaSecurityManager https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy/tree/main/JavaSecurityManager/JavaSecurityManager
JavaWeb/Demo01 https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy/tree/main/JavaWeb/Demo01
JavaWeb常见漏洞 https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy/tree/main/JavaWeb%E5%B8%B8%E8%A7%81%E6%BC%8F%E6%B4%9E
Java基础 https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy/tree/main/Java%E5%9F%BA%E7%A1%80
Java开发 https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy/tree/main/Java%E5%BC%80%E5%8F%91
MiddleWare/Tomcat https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy/tree/main/MiddleWare/Tomcat
PyCharm https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy/tree/main/PyCharm
SnakeYaml https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy/tree/main/SnakeYaml
docs https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy/tree/main/docs
fastjson/fastjson https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy/tree/main/fastjson/fastjson
gadgetCollection https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy/tree/main/gadgetCollection
hessian https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy/tree/main/hessian
jdk17+ https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy/tree/main/jdk17%2B
memshell https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy/tree/main/memshell
shiro https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy/tree/main/shiro
tools https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy/tree/main/tools
xxe/xxeStudy01 https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy/tree/main/xxe/xxeStudy01
表达式+SSTI https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy/tree/main/%E8%A1%A8%E8%BE%BE%E5%BC%8F%2BSSTI
README.md https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy/blob/main/README.md
README https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#myjavasecstudy
Java basics https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#Java%E5%9F%BA%E7%A1%80
Java security basics https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#Java%E5%AE%89%E5%85%A8%E5%9F%BA%E7%A1%80
Debugging code and JAR packages https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#%E4%BB%A3%E7%A0%81%E5%92%8Cjar%E5%8C%85%E8%B0%83%E8%AF%95
Filling in the gaps https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#%E6%9F%A5%E6%BC%8F%E8%A1%A5%E7%BC%BA
Deserialization https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96
JNDI https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#JNDI
JDBC https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#JDBC
shiro https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#shiro
Fastjson&Jackson&SnakeYaml https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#Fastjson&Jackson&SnakeYaml
Memory shells & echo techniques https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#%E5%86%85%E5%AD%98%E9%A9%AC&%E5%9B%9E%E6%98%BE%E6%8A%80%E6%9C%AF
Gadget chains on newer JDK versions https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#%E9%AB%98%E7%89%88%E6%9C%ACjdk%E4%B8%8B%E7%9A%84%E9%93%BE%E5%AD%90
Expressions + SSTI https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#%E8%A1%A8%E8%BE%BE%E5%BC%8F+SSTI
RASP https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#RASP
Middleware https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#%E4%B8%AD%E9%97%B4%E4%BB%B6%E7%9B%B8%E5%85%B3
Spring series https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#Spring%E7%B3%BB%E5%88%97
Tool development / customization of existing tools https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#devTools
Code audit https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#CodeAudit
Code audit helper tools https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1%E8%BE%85%E5%8A%A9%E5%B7%A5%E5%85%B7
Reference learning roadmaps https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#%E5%8F%82%E8%80%83%E5%AD%A6%E4%B9%A0%E8%B7%AF%E7%BA%BF
Blogs & WeChat official accounts roundup https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#%E5%8D%9A%E5%AE%A2%E6%95%B4%E7%90%86
Recommended tools https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#%E5%B7%A5%E5%85%B7%E6%8E%A8%E8%8D%90
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#java基础
Baima Knowledge Base | JavaSE Notes (1): Getting Started with the Java Language https://www.itbaima.cn/zh-CN/document/8egfulw98v3h680j
Introduction - Java Tutorial - Liao Xuefeng's Official Website https://liaoxuefeng.com/books/java/introduction/index.html
JavaGuide (Java Learning & Interview Guide) | JavaGuide https://javaguide.cn/home.html
[Kuangshen Says Java] Easy-to-Understand Java Video Course for Complete Beginners_bilibili https://www.bilibili.com/video/BV12J41137hu/?spm_id_from=333.337.search-card.all.click
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#java安全基础-
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#基础内容
2. Reading files https://www.yuque.com/pmiaowu/gpy1q8/in10on
Java Deserialization Basics 02: Java Reflection and URLDNS Chain Analysis | Drunkbaby's Blog https://drun1baby.top/2022/05/20/Java%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%9F%BA%E7%A1%80%E7%AF%87-02-Java%E5%8F%8D%E5%B0%84%E4%B8%8EURLDNS%E9%93%BE%E5%88%86%E6%9E%90/
Java Deserialization Basics 03: Advanced Java Reflection | Drunkbaby's Blog https://drun1baby.top/2022/05/29/Java%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%9F%BA%E7%A1%80%E7%AF%87-03-Java%E5%8F%8D%E5%B0%84%E8%BF%9B%E9%98%B6/#0x02-%E5%8F%8D%E5%B0%84%E7%9A%84%E8%BF%9B%E9%98%B6%E7%9F%A5%E8%AF%86
Java Deserialization Basics 05: Dynamic Class Loading | Drunkbaby's Blog https://drun1baby.top/2022/06/03/Java%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%9F%BA%E7%A1%80%E7%AF%87-05-%E7%B1%BB%E7%9A%84%E5%8A%A8%E6%80%81%E5%8A%A0%E8%BD%BD/
Java Deserialization Basics 01: Deserialization Concepts and Exploitation | Drunkbaby's Blog https://drun1baby.top/2022/05/17/Java%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%9F%BA%E7%A1%80%E7%AF%87-01-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%A6%82%E5%BF%B5%E4%B8%8E%E5%88%A9%E7%94%A8/
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#补充内容
Java Deserialization Vulnerabilities Series - Basics (class-loading part updated 21/09/05)_bilibili https://www.bilibili.com/video/BV16h411z7o9/?spm_id_from=333.1387.upload.video_card.click&vd_source=42c469cbf5707e7a96bb0dda4b39e6ef
ClassLoader · Attacking Java Web Applications - Java Web Security https://www.javasec.org/javase/ClassLoader/
JavaSec/1.基础知识/ClassLoader(类加载机制)/ClassLoader(类加载机制).md at main · Y4tacker/JavaSec https://github.com/Y4tacker/JavaSec/blob/main/1.%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86/ClassLoader(%E7%B1%BB%E5%8A%A0%E8%BD%BD%E6%9C%BA%E5%88%B6)/ClassLoader(%E7%B1%BB%E5%8A%A0%E8%BD%BD%E6%9C%BA%E5%88%B6).md
MyJavaSecStudy/docs/Java安全漫谈.pdf at main · 1diot9/MyJavaSecStudy https://github.com/1diot9/MyJavaSecStudy/blob/main/docs/Java%E5%AE%89%E5%85%A8%E6%BC%AB%E8%B0%88.pdf
phith0n/JavaThings: Share Things Related to Java - Content related to the Java安全漫谈 notes https://github.com/phith0n/JavaThings
Java Deserialization Vulnerabilities (1) - Prerequisites & URLDNS | 素十八 https://su18.org/post/ysoserial-su18-1/
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#javaweb基础
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#javaweb常见漏洞
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#xxe
XXE Roundup | 1diot9's Blog https://1diot9.github.io/2025/11/18/XXE%E6%95%B4%E7%90%86/
Understanding Vulnerabilities in Depth in One Article: XXE - Xianzhi Community https://xz.aliyun.com/news/2994
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#代码--jar包调试
QiAnXin Attack and Defense Community - Debugging Approaches for Java Auditing https://forum.butian.net/share/1753
skylot/jadx: Dex to Java decompiler https://github.com/skylot/jadx
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#查漏补缺-
Java Runtime.getRuntime().exec from the Surface to the Internals - Xianzhi Community https://xz.aliyun.com/news/6642
shadow-horse/java.lang.Runtime.exec-Payload: Reverse shell; executing system commands with Runtime.exec() https://github.com/shadow-horse/java.lang.Runtime.exec-Payload
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#反序列化--
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#cc链
Java Deserialization, Commons-Collections Part 01: The CC1 Chain | Drunkbaby's Blog https://drun1baby.top/2022/06/06/Java%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96Commons-Collections%E7%AF%8701-CC1%E9%93%BE/
JavaSecurityLearning/链子流程图 at main · Drun1baby/JavaSecurityLearning https://github.com/Drun1baby/JavaSecurityLearning/tree/main/%E9%93%BE%E5%AD%90%E6%B5%81%E7%A8%8B%E5%9B%BE
MyJavaSecStudy/docs/Java安全漫谈.pdf at main · 1diot9/MyJavaSecStudy https://github.com/1diot9/MyJavaSecStudy/blob/main/docs/Java%E5%AE%89%E5%85%A8%E6%BC%AB%E8%B0%88.pdf
Java Deserialization Vulnerabilities (2) - Commons Collections | 素十八 https://su18.org/post/ysoserial-su18-2/#commonscollections1
Digging into the CC Chains Again - Xianzhi Community https://xz.aliyun.com/news/14431
Re-digging the CC Chains | 1diot9's Blog https://1diot9.github.io/2025/10/27/CC%E9%93%BE%E5%86%8D%E6%8C%96%E6%8E%98/
Java Deserialization Vulnerability: Triggering transform via TransformedList in commons-collections 3.2.1 - Xianzhi Community https://xz.aliyun.com/news/13748
A Fresh Look at Old Chains: The CommonsCollections Chains https://mp.weixin.qq.com/s/zNsTKVumW-wa91Eb63WVZA
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#hessian
Hessian Deserialization: From Principles to Weaponized Exploitation - FreeBuf Cybersecurity Industry Portal https://www.freebuf.com/articles/web/424308.html
A Very Detailed Analysis of Hessian Gadget Chains - Xianzhi Community https://xz.aliyun.com/news/13039
https://changeyourway.github.io/2025/02/20/Java https://changeyourway.github.io/2025/02/20/Java
Java Security Study: Hessian Deserialization Vulnerabilities - 枫のBlog https://goodapple.top/archives/1193
0CTF/TCTF 2022 hessian-onlyJdk | Bmth's blog http://www.bmth666.cn/2023/02/07/0CTF-TCTF-2022-hessian-onlyJdk/index.html
0ctf2022 hessian-only-jdk writeup: JDK-Native Chain - Xianzhi Community https://xz.aliyun.com/news/11178
Analysis of a New Hessian Deserialization Chain and Its Pitfalls | zoiltin's Blog https://zoiltin.github.io/posts/hessian%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%96%B0%E9%93%BE%E5%88%86%E6%9E%90%E4%B8%8E%E5%9D%91%E7%82%B9/
Learning Chain Construction Starting from the New JDK-Native Hessian Deserialization Chain in 2025 blackhat-jdd - Xianzhi Community https://xz.aliyun.com/news/18935
A Brief Analysis of the Hessian Deserialization Flow and Its Vulnerabilities - Xianzhi Community https://xz.aliyun.com/news/17603
https://changeyourway.github.io/2024/11/13/Java https://changeyourway.github.io/2024/11/13/Java
Hessian Deserialization Vulnerabilities · Attacking Java Web Applications - Java Web Security https://www.javasec.org/java-vuls/Hessian.html
A Thing or Two About Hessian Deserialization | 素十八 https://su18.org/post/hessian/
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#利用链探测
Constructing a Java Deserialization Gadget for Class Detection | 回忆飘如雪 https://gv7.me/articles/2021/construct-java-detection-class-deserialization-gadget/#0x01-%E8%83%8C%E6%99%AF
Analysis of the Java Serialization Bomb - CSDN Blog https://blog.csdn.net/nevermorewo/article/details/100100048
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#其他链子姿势
Java Deserialization: The C3P0 Chain | Drunkbaby's Blog https://drun1baby.top/2022/10/06/Java%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B9%8BC3P0%E9%93%BE/
Analyzing and Trying to Mine with tabby: The SpringAOP Chain - Potat0w0 https://blog.potatowo.top/2025/03/31/%E4%BB%8E%E5%A4%8D%E7%8E%B0%E5%88%B0%E5%B0%9D%E8%AF%95%E7%94%A8tabby%E6%8C%96%E6%8E%98-SpringAOP%E9%93%BE/
realworldctf old system Retrospective (jdk1.4 getter jndi gadget) - Xianzhi Community https://xz.aliyun.com/news/8630
Attacking Native Deserialization Entry Points via Special Deserialization Components - Xianzhi Community https://xz.aliyun.com/news/12356
Java Exploitation Without Internet Access (Part 2): Using ClassPathXmlApplicationContext Without Outbound Network | 离别歌 https://www.leavesongs.com/PENETRATION/springboot-xml-beans-exploit-without-network.html
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#jndi-
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#基础内容-1
Java Deserialization, RMI Topic 01: RMI Basics | Drunkbaby's Blog https://drun1baby.top/2022/07/19/Java%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B9%8BRMI%E4%B8%93%E9%A2%9801-RMI%E5%9F%BA%E7%A1%80/
Java Deserialization: Learning JNDI | Drunkbaby's Blog https://drun1baby.top/2022/07/28/Java%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B9%8BJNDI%E5%AD%A6%E4%B9%A0/
JNDI · Attacking Java Web Applications - Java Web Security https://www.javasec.org/javase/JNDI/#jndi
Log4j2 Vulnerability Analysis | 1diot9's Blog https://1diot9.github.io/2025/12/08/Log4j2%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#rmijrmpjep290ldap
RMI JRMP JEP290 LDAP Basics Overview | 1diot9's Blog https://1diot9.github.io/2025/11/10/RMI-JRMP-JEP290-LDAP%E5%9F%BA%E7%A1%80%E6%A2%B3%E7%90%86/
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#综合梳理
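QiAnXin Attack and Defense Community - The Romance Among Java JRMP, RMI, JNDI and Deserialization Vulnerabilities https://forum.butian.net/share/2278
RCE Based on Java Deserialization - Understanding RMI, JRMP and JNDI - Xianzhi Community https://xz.aliyun.com/news/6675
Understanding RMI, JRMP and JNDI - Final Part - Xianzhi Community https://xz.aliyun.com/news/6860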
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#rmi
RMI Protocol Analysis - lvyyevd's Security Blog http://www.lvyyevd.cn/archives/rmi-xie-yi-fen-xi
Java RMI Attacks, from Basics to Depth | 素十八 https://su18.org/post/rmi-attack/
RMI - Summary of Attack Methods - Anquanke (安全KER) - Security News Platform https://www.anquanke.com/post/id/257452#h2-6
MyJavaSecStudy/docs/Java安全漫谈.pdf at main · 1diot9/MyJavaSecStudy https://github.com/1diot9/MyJavaSecStudy/blob/main/docs/Java%E5%AE%89%E5%85%A8%E6%BC%AB%E8%B0%88.pdf
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#jrmpjep290
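Introduction to the JRMP Communication Attack Process and Its Exploitation - Xianzhi Community https://xz.aliyun.com/news/15240
RMI - Analysis and Bypass of JEP290 - Anquanke (安全KER) - Security News Platform https://www.anquanke.com/post/id/259059#h2-0
Shiro With a Key but No Echo-Capable Chain: The JRMP Approach_What to Do When Shiro Has a Key but No Chain? - CSDN Blog https://blog.csdn.net/weixin_43264067/article/details/139626398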
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#高版本jdk绕过
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#基于反序列化
RMI JRMP JEP290 LDAP Basics Overview | 1diot9's Blog https://1diot9.github.io/2025/11/10/RMI-JRMP-JEP290-LDAP%E5%9F%BA%E7%A1%80%E6%A2%B3%E7%90%86/
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#基于beanfactory
Exploring Exploitation Methods for JNDI Vulnerabilities on Newer JDK Versions - tttang (跳跳糖) https://tttang.com/archive/1405/#toc_0x01-beanfactory
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#其他factory绕过
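Jinglin CTF 2024 ezldap Analysis - Xianzhi Community https://xz.aliyun.com/news/14103
SolarWinds Security Event Manager AMF Deserialization RCE (CVE-2024-0692) - X1r0z Blog https://exp10it.io/2024/03/solarwinds-security-event-manager-amf-deserialization-rce-cve-2024-0692/#hikaricp-jndi-%E6%B3%A8%E5%85%A5
JNDI Injection on Newer Versions - Exploitation Approach for Newer Tomcat Versions - Xianzhi Community https://xz.aliyun.com/news/16156
Exploring Exploitation Methods for JNDI Vulnerabilities on Newer JDK Versions - tttang (跳跳糖) https://tttang.com/archive/1405/#toc_snakeyaml
JNDI Bypass on Newer JDK Versions: Druid - Xianzhi Community https://xz.aliyun.com/news/10104
QiAnXin Attack and Defense Community - [2024 Butian White Hat Hacker Conference] Exploring New JNDI Attack Surfaces https://forum.butian.net/share/3857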
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#jdbc-
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#mysql
MySQL JDBC Deserialization Analysis | Drunkbaby's Blog https://drun1baby.top/2023/01/13/MySQL-jdbc-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%88%86%E6%9E%90/
MySQL JDBC Attacks | 1diot9's Blog https://1diot9.github.io/2025/05/05/mysql-JDBC-%E7%BB%95%E8%BF%87/
From JDBC MySQL Attacks Without Outbound Network to Spring Temporary File Exploitation - Xianzhi Community https://xz.aliyun.com/news/17830
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#h2sql
NCTF2024 Web Track Writeup - CSDN Blog https://blog.csdn.net/Err0r233/article/details/146484415
SolarWinds Security Event Manager AMF Deserialization RCE (CVE-2024-0692) - X1r0z Blog https://exp10it.io/2024/03/solarwinds-security-event-manager-amf-deserialization-rce-cve-2024-0692/#hikaricp-jndi-%E6%B3%A8%E5%85%A5
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#sqlite
JavaSec/9.JDBC Attack/SQLite/index.md at main · Y4tacker/JavaSec https://github.com/Y4tacker/JavaSec/blob/main/9.JDBC%20Attack/SQLite/index.md
CISCN2024 writeup (web part) https://jaspersec.top/posts/3286688009.html#ezjava
Using SQLite to Attack JDBC and Reach RCE, Seen Through One Challenge - Xianzhi Community https://xz.aliyun.com/news/14234
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#postgresql
Postgresql JDBC Attack and Stuff | 素十八 https://su18.org/post/postgresql-jdbc-attack-and-stuff/
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#derby
How to Achieve RCE with the Derby Database - lvyyevd's Security Blog http://www.lvyyevd.cn/archives/derby-shu-ju-ku-ru-he-shi-xian-rce
N1CTF Junior 2024 Web Official Writeup - X1r0z Blog https://exp10it.io/2024/02/n1ctf-junior-2024-web-official-writeup/#derby
Because I run into Nacos quite a lot in projects... - Zhishi Xingqiu (知识星球) https://wx.zsxq.com/group/2212251881/topic/1524448452142582
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#汇总
JDBC Connection URL Attacks https://paper.seebug.org/1832/
JDBC-Attack: Summary of Attacks and Exploitation - Xianzhi Community https://xz.aliyun.com/news/13371
JDBC-Attack Exploitation Summary - Boogiepop Doesn't Laugh https://boogipop.com/2023/10/01/JDBC-Attack%20%E5%88%A9%E7%94%A8%E6%B1%87%E6%80%BB/#%E5%89%8D%E8%A8%80
JDBC Ramblings 3: In-Memory Databases | m0d9's blog https://m0d9.me/2021/04/26/Jdbc%E7%A2%8E%E7%A2%8E%E5%BF%B5%E4%B8%89%EF%BC%9A%E5%86%85%E5%AD%98%E6%95%B0%E6%8D%AE%E5%BA%93/
yulate/jdbc-tricks: "Deep Dive into JDBC Security: Special URL Construction and Non-Networked Deserialization Exploitation Techniques Revealed" - Research Summary Project https://github.com/yulate/jdbc-tricks
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#shiro
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#shiro反序列化
Java Deserialization, Shiro Part 01: Shiro550 Flow Analysis | Drunkbaby's Blog https://drun1baby.top/2022/07/10/Java%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96Shiro%E7%AF%8701-Shiro550%E6%B5%81%E7%A8%8B%E5%88%86%E6%9E%90/
Java Deserialization, Shiro Part 02: Shiro721 Flow Analysis | Drunkbaby's Blog https://drun1baby.top/2023/03/08/Java%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96Shiro%E7%AF%8702-Shiro721%E6%B5%81%E7%A8%8B%E5%88%86%E6%9E%90/
Detailed Explanation of the Principles of Shiro Deserialization Vulnerabilities Across All Versions - Smile3306 - cnblogs https://www.cnblogs.com/Smile3306/p/18984943
CBC Byte-Flipping Attack & Padding Oracle Attack: How They Work - 枫のBlog https://goodapple.top/archives/217
Exploring Detection of the Shiro RememberMe Vulnerability - CT Stack Security Community https://stack.chaitin.com/techblog/detail/39
QiAnXin Attack and Defense Community - An Unconventional Way to Detect Shiro https://forum.butian.net/share/92
Shiro: Advanced Exploitation Bypassing the Header Length Limit | Bmth's blog http://www.bmth666.cn/2024/11/03/Shiro%E7%BB%95%E8%BF%87Header%E9%95%BF%E5%BA%A6%E9%99%90%E5%88%B6%E8%BF%9B%E9%98%B6%E5%88%A9%E7%94%A8/index.html
A Brief Discussion on Overcoming the Tomcat Header Length Limit Affecting Shiro550 https://y4tacker.github.io/2022/04/14/year/2022/4/%E6%B5%85%E8%B0%88Shiro550%E5%8F%97Tomcat-Header%E9%95%BF%E5%BA%A6%E9%99%90%E5%88%B6%E5%BD%B1%E5%93%8D%E7%AA%81%E7%A0%B4/
The Ultimate Java Deserialization Payload Shrinking Techniques https://mp.weixin.qq.com/s/cQCYhBkR95vIVBicA9RR6g
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#shiro越权
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#fastjsonjacksonsnakeyaml-
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#fastjson
Java Deserialization, Fastjson Part 01: FastJson Basics | Drunkbaby's Blog https://drun1baby.top/2022/08/04/Java%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96Fastjson%E7%AF%8701-Fastjson%E5%9F%BA%E7%A1%80/
Fastjson Deserialization Vulnerabilities · Attacking Java Web Applications - Java Web Security https://www.javasec.org/java-vuls/FastJson.html
FastJsonParty/Fastjson全版本检测及利用-Poc.md at main · lemono0/FastJsonParty https://github.com/lemono0/FastJsonParty/blob/main/Fastjson%E5%85%A8%E7%89%88%E6%9C%AC%E6%A3%80%E6%B5%8B%E5%8F%8A%E5%88%A9%E7%94%A8-Poc.md
safe6Sec/Fastjson: A Collection of Fastjson Techniques and Tricks https://github.com/safe6Sec/Fastjson
FastJson and Native Deserialization https://y4tacker.github.io/2023/03/20/year/2023/3/FastJson%E4%B8%8E%E5%8E%9F%E7%94%9F%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96/#%E4%B8%BA%E4%BB%80%E4%B9%88fastjson1%E7%9A%841-2-49%E4%BB%A5%E5%90%8E%E4%B8%8D%E5%86%8D%E8%83%BD%E5%88%A9%E7%94%A8
FastJson and Native Deserialization (2) https://y4tacker.github.io/2023/04/26/year/2023/4/FastJson%E4%B8%8E%E5%8E%9F%E7%94%9F%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96-%E4%BA%8C/
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#snakeyaml
Java Deserialization: The SnakeYaml Chain | Drunkbaby's Blog https://drun1baby.top/2022/10/16/Java%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B9%8B-SnakeYaml-%E9%93%BE/
SnakeYaml Exploitation Summary | 1diot9's Blog https://1diot9.github.io/2025/08/03/SnakeYaml%E5%88%A9%E7%94%A8%E6%80%BB%E7%BB%93/
Summary of YAML File Syntax | 1diot9's Blog https://1diot9.github.io/2025/08/04/Yaml%E6%96%87%E4%BB%B6%E5%86%99%E6%B3%95%E6%80%BB%E7%BB%93/
Java Exploitation Without Internet Access (Part 1): SnakeYAML Deserialization, Starting from HertzBeat | 离别歌 https://www.leavesongs.com/PENETRATION/jdbc-injection-with-hertzbeat-cve-2024-42323.html
QiAnXin Attack and Defense Community - Discovering a New SnakeYaml RCE Chain Without Outbound Network (JDK-Native Chain) https://forum.butian.net/share/4486
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#内存马回显技术-
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#内存马
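Java Memory Shell Series 01: Learning the Basics | Drunkbaby's Blog https://drun1baby.top/2022/08/19/Java%E5%86%85%E5%AD%98%E9%A9%AC%E7%B3%BB%E5%88%97-01-%E5%9F%BA%E7%A1%80%E5%86%85%E5%AE%B9%E5%AD%A6%E4%B9%A0/
Research on Fileless Attack Techniques Based on In-Memory Webshells - Anquanke (安全KER) - Security News Platform https://www.anquanke.com/post/id/198886
Interceptor Memory Shells Targeting Spring MVC - bitterz - cnblogs https://www.cnblogs.com/bitterz/p/14859766.html
QiAnXin Attack and Defense Community - Injecting a Spring In-Memory Webshell via an intercetor https://forum.butian.net/share/102
Learning Spring Memory Shells | Bmth's blog http://www.bmth666.cn/2022/09/27/Spring%E5%86%85%E5%AD%98%E9%A9%AC%E5%AD%A6%E4%B9%A0/index.html
bitterzzZZ/MemoryShellLearn: Sharing a few ready-to-use memory shells and recording the articles read during study https://github.com/bitterzzZZ/MemoryShellLearn
Getshell/Mshell: Memshell - Attack and Defense Research on Memory Shells https://github.com/Getshell/Mshell
W01fh4cker/LearnJavaMemshellFromZero: [30,000-character original] Master Java memory shells from 0 to 1 with no prior knowledge; WeChat official account: 追梦信安 https://github.com/W01fh4cker/LearnJavaMemshellFromZero
A Brief Discussion of Java Agent Memory Shells – 天下大木头 https://wjlshare.com/archives/1582
QiAnXin Attack and Defense Community - Injecting Memory Shells into the Solon Framework https://forum.butian.net/share/3700
c0ny1/java-object-searcher: A helper tool for searching Java in-memory objects https://github.com/c0ny1/java-object-searcher
Exploring Detection of the Shiro RememberMe Vulnerability - CT Stack Security Community https://stack.chaitin.com/techblog/detail/39
Semi-Automated Mining of request Objects to Implement Echo on Multiple Middleware | 回忆飘如雪 https://gv7.me/articles/2020/semi-automatic-mining-request-implements-multiple-middleware-echo/
An Analysis of How In-Memory Object Searching Works - Xianzhi Community https://xz.aliyun.com/news/11303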
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#其他内存马
Lilctf_blade_cc https://www.n1ght.cn/2025/08/21/blade_cc/#blade%E5%86%85%E5%AD%98%E9%A9%AC
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#内存马工具
pen4uin/java-memshell-generator: A customizable Java in-memory webshell generation tool. https://github.com/pen4uin/java-memshell-generator
ReaJason/MemShellParty: A tool for quickly generating memory shells for mainstream Java web middleware, aiming to simplify the workflow of security researchers and red team members and improve attack and defense efficiency https://github.com/ReaJason/MemShellParty
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#回显技术
pen4uin/java-echo-generator: A customizable Java echo payload generation tool. https://github.com/pen4uin/java-echo-generator
Universal Echo Shell for Java on Linux https://www.n1ght.cn/2025/08/21/java_linux%E9%80%9A%E7%94%A8%E5%9B%9E%E6%98%BE%E9%A9%AC/
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#高版本jdk下的链子
Analysis of Bytecode Loading on Newer JDK Versions https://mp.weixin.qq.com/s/Nvra3OljzllryYg9L9yCFQ
2024 Peak Geek (巅峰极客) easy_java: Learning How to Inject a Memory Shell under jdk17 - Xianzhi Community https://xz.aliyun.com/news/14807
Using TemplatesImpl under jdk17 with the CC Chain | Jiecub3 https://jiecub3.github.io/zh/posts/java/chain/jdk17cc%E9%93%BE%E4%B8%8B%E5%88%A9%E7%94%A8templatesimpl/
Spring Native Deserialization Chain on Newer JDK Versions – fushulingのblog https://fushuling.com/index.php/2025/08/21/%E9%AB%98%E7%89%88%E6%9C%ACjdk%E4%B8%8B%E7%9A%84spring%E5%8E%9F%E7%94%9F%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E9%93%BE/
jdk17+Springboot Chain | 1diot9's Blog https://1diot9.github.io/2025/09/23/jdk17-Springboot%E9%93%BE/
JDK17 Without Outbound Network Access? Shiro Deserialization RCE at the Limit! https://mp.weixin.qq.com/s/xfmHjgx5jQRLKkIR7XUCcg
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#表达式ssti
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#spel
Studying SpEL Expression Injection Vulnerabilities and Researching Echo PoCs - bitterz - Cnblogs https://www.cnblogs.com/bitterz/p/15206255.html#%E8%AF%AD%E6%B3%95%E5%9F%BA%E7%A1%80
SpEL Injection RCE Analysis and Bypasses - Xianzhi Community https://xz.aliyun.com/news/8744
Java: SpEL Expression Injection | Drunkbaby's Blog https://drun1baby.top/2022/09/23/Java-%E4%B9%8B-SpEL-%E8%A1%A8%E8%BE%BE%E5%BC%8F%E6%B3%A8%E5%85%A5/
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#el
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#thymeleaf
Java Thymeleaf SSTI (Essentially SpEL) | Godown_blog https://godownio.github.io/2025/04/28/java-thymeleaf-ssti-spel/
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#rasp-
JNI Attacks · Attacking Java Web Applications - Java Web Security https://www.javasec.org/java-vuls/JNI.html
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#中间件相关
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#tomcat
Security Issues Caused by Tomcat URL Parsing Differences - Xianzhi Community https://xz.aliyun.com/news/7139
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#resin
Exploring Auth Bypass Caused by URL Parsing: Resin - 进阶的胖闹-pwnull https://pwnull.github.io/2023/from-urlparser-to-authbypass-resin/
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#spring系列
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#springboot
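LandGrey/SpringBootVulExploit: Study material on SpringBoot-related vulnerabilities, a collection of exploitation methods and techniques, and a black-box security assessment check list https://github.com/LandGrey/SpringBootVulExploit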
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#源码分析
DispatcherServlet.doDispatch Request Dispatching Explained | Godown_blog https://godownio.github.io/2025/03/25/spring-dispatcherservlet-xiang-jie/
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#url解析差异
Exploring Auth Bypass Caused by URL Parsing: SpringSecurity - 进阶的胖闹-pwnull https://pwnull.github.io/2023/from-urlparser-to-authbypass-SpringSecurity/
7. JEECG - Gray-Box Fuzzing https://www.yuque.com/pmiaowu/gpy1q8/gl653fmytz1hoyev
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#heapdump分析
In-Depth Use of heapdump: Information Disclosure https://mp.weixin.qq.com/s/VBCjtLxcdFvIJ0uK-sCdDw
Springboot Information Disclosure and Use of heapdump_heapdump information disclosure - CSDN Blog https://blog.csdn.net/weixin_44309905/article/details/127279561
京麟CTF 2024 ezldap Analysis - Xianzhi Community https://xz.aliyun.com/news/14103?time__1311=eqUxuiDt5WqYqY5DsD7mPD%3DIZK7q9hGBbD&u_atoken=b94f9c93564049e1d2601ebb22a1098b&u_asig=0a472f9217433333617862864e004b
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#文件缓存机制
From JDBC MySQL Attacks Without Outbound Network Access to Spring Temporary File Abuse - Xianzhi Community https://xz.aliyun.com/news/17830
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#spring-cloud
Spring Cloud GateWay CVE-2025-41243 Analysis - Xianzhi Community https://xz.aliyun.com/news/19006
CVE-2025-41243 Spring Cloud Gateway SpEL Sandbox: From Arbitrary Property Access to Arbitrary File Download - 白帽酱の博客 https://rce.moe/2025/09/29/CVE-2025-41243/
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#工具开发二开
Happy New Year | ysoserial Analysis and Modification https://mp.weixin.qq.com/s?__biz=MzkwMzQyMTg5OA==&mid=2247486647&idx=1&sn=2e2ce3bad829dacd4807cbdb88e4ba2f&chksm=c097c612f7e04f0411454885e3d3248607f32ab6722592cc005eb610973220e8156999e75751&scene=178&cur_album_id=3744968375202660352&search_click_id=#rd
yhy0/ExpDemo-JavaFX: Graphical exploit demo, JavaFX version https://github.com/yhy0/ExpDemo-JavaFX
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#代码审计
A Slow Tour of Java Security (Java安全慢游记) https://www.yuque.com/pmiaowu/gpy1q8
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#若依
Vulnerabilities in RuoYi Versions | 1diot9's Blog https://1diot9.github.io/2025/08/02/%E8%8B%A5%E4%BE%9D%E5%90%84%E7%89%88%E6%9C%AC%E6%BC%8F%E6%B4%9E/
QiAnXin Attack and Defense Community - RuoYi Framework Vulnerability War Manual https://forum.butian.net/share/4328
♪(^∇^*) Welcome back! RuoYi Historical Vulnerabilities | 高木のBlog https://blog.takake.com/posts/7219/#2-5-4-1-%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1
SecurityList/Java_OA/RuoYi.md at main · ax1sX/SecurityList https://github.com/ax1sX/SecurityList/blob/main/Java_OA/RuoYi.md
charonlight/RuoYiExploitGUI: One-click exploitation tool for the latest RuoYi scheduled-task SQL injection that can lead to RCE https://github.com/charonlight/RuoYiExploitGUI?tab=readme-ov-file
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#webgoat
WebGoat Lab - Authentication Flaws | 1diot9's Blog https://1diot9.github.io/2025/07/22/WebGoat%E9%9D%B6%E5%9C%BA-%E8%BA%AB%E4%BB%BD%E8%AE%A4%E8%AF%81%E7%BC%BA%E9%99%B7/
WebGoat Code Audit 03: Directory Traversal Vulnerability | Drunkbaby's Blog https://drun1baby.top/2022/03/22/WebGoat%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1-03-%E7%9B%AE%E5%BD%95%E9%81%8D%E5%8E%86%E6%BC%8F%E6%B4%9E/
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#泛微ecology9
Weaver ecology9 Prerequisites | 1diot9's Blog https://1diot9.github.io/2025/08/10/%E6%B3%9B%E5%BE%AEecology9%E5%89%8D%E7%BD%AE/
ecology9 Code Audit | Sn1pEr's blog https://sn1per-ssd.github.io/2024/08/15/ecology9%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/
Weaver e-cology9 browser.jsp SQL Injection Vulnerability Analysis | 0xf4n9x's Blog https://0xf4n9x.github.io/weaver-ecology9-browser-sqli.html
[Vulnerability Reproduction] Weaver E-Cology V9 browser.jsp SQL Injection Vulnerability and Analysis https://mp.weixin.qq.com/s/YCzAQroLfBOw6OrxcIfb1A
WeChat Official Accounts Platform https://mp.weixin.qq.com/s/jNn0PqjP9yYBuPtqW4IdEA
changeUserInfo Information Disclosure + ofsLogin Arbitrary User Login | 1diot9's Blog https://1diot9.github.io/2025/08/10/changeUserInfo%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2-ofsLogin%E4%BB%BB%E6%84%8F%E7%94%A8%E6%88%B7%E7%99%BB%E5%BD%95/
Weaver e-cology9 changeUserInfo Information Disclosure and ofsLogin Arbitrary User Login Vulnerability Analysis https://mp.weixin.qq.com/s?__biz=MzI0NzEwOTM0MA==&mid=2652502015&idx=1&sn=39a4dd93fe5cc0a85dcb4aae28c6bf9c&chksm=f258544cc52fdd5a3ef748e125527cbe76d325b0b403ce359b686362a5cd923963e16faa2d45&scene=126&sessionid=1685092163&key=79faf193ca39ac845d45b240e517ccf717a50d07a9efad057991dbb878a24c00e9e8e4c2f3c84761361f7ff6a20040112d0d939914828f699229867b029a53fa957167f7b7be31f03cc8f249ba8f24232b359ecbc12c17027d3143b22e4915b41d3a6506ca566b13c76ce44a1e998cfa82968ee5fa4b159a3d52661d7480b3a9&ascene=15&uin=MzgxODQ4MjMz&devicetype=Windows+10+x64&version=63060012&lang=zh_CN&session_us=gh_7c749a8346d4&countrycode=GY&exportkey=n_ChQIAhIQ%2BcZx3tWxO0E8DrQjq2wpEhLvAQIE97dBBAEAAAAAADhYIKpLxZwAAAAOpnltbLcz9gKNyK89dVj021DG4x9QVpW9CXybpPpZ9qPTtZ8Qi0IYkOJTsU0z01YuxLeoWHBWWnq6ahSSdj2YdyvXZJVQNRmXDajYswlKJonxlRiXhKW%2Buu%2BNT%2BRFdiemTUgrCWyDH%2FFRsuXV%2FCeFYKdgPyKsjVNsv2nkl%2FurlVE%2F%2ByKVBB6ZktCegyDjbLg3wbFJ3cPplsGjjO4U%2FbW%2BRb7MPyBGa7xALwKMKjBejakftbNF63xcQG7CKN9s8CV73KbORpi3c5JXMk2DVZoNxFcynBMtEoc8&acctmode
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#用友u8cloud
Yonyou U8Cloud Environment Setup | 1diot9's Blog https://1diot9.github.io/2025/08/16/U8Cloud%E7%8E%AF%E5%A2%83%E6%90%AD%E5%BB%BA/
Sharing the Process of Discovering the Latest Yonyou U8Cloud Pre-Auth RCE Vulnerability https://mp.weixin.qq.com/s/gwdzmBCu5PjYdzVeWEcpDQ
Yonyou U8cloud esnserver Endpoint RCE | 1diot9's Blog https://1diot9.github.io/2025/08/16/%E7%94%A8%E5%8F%8BU8cloud-esnserver%E6%8E%A5%E5%8F%A3RCE/
Yonyou U8cloud ServiceDispacherServlet Deserialization | 1diot9's Blog https://1diot9.github.io/2025/08/16/%E7%94%A8%E5%8F%8BU8cloud-ServiceDispacherServlet%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96/
Yonyou U8cloud LoginVideoServlet Endpoint Deserialization | 1diot9's Blog https://1diot9.github.io/2025/08/16/%E7%94%A8%E5%8F%8BU8cloud-LoginVideoServlet%E6%8E%A5%E5%8F%A3%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96/
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#契约锁
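Qiyuesuo Electronic Signature System pdfverifier RCE Pre-Auth Vulnerability Analysis (Source Code Analysis) - Xianzhi Community https://xz.aliyun.com/news/18520
A History of Attack, Defense and Bypasses for the Qiyuesuo pdfverifier RCE https://mp.weixin.qq.com/s/u--mcFjhYly74q-Qg3D7jQ
Qiyuesuo Electronic Signature System pdfverifier Remote Code Execution Vulnerability Analysis (Patch Package Reverse Engineering) - Xianzhi Community https://xz.aliyun.com/news/18482
Qiyuesuo Code Audit Analysis_Qiyuesuo vulnerabilities - CSDN Blog https://blog.csdn.net/baidu_25299117/article/details/139990814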
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#代码审计辅助工具
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#jar-analyzer
Jar Analyzer Official Documentation https://docs.qq.com/doc/DV3pKbG9GS0pJS0tk
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#tabby
1. Neo4j CQL - Data Types https://www.yuque.com/pmiaowu/gpy1q8/arufc2k5gdmkesau/
Automated Code Auditing in Practice | mayylu's blog https://mayylu.github.io/2024/08/02/java/%E8%87%AA%E5%8A%A8%E5%8C%96%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1%E5%AE%9E%E8%B7%B5/
4. Case Study - Automated Vulnerability Discovery in JavaSecCode with Tabby https://www.yuque.com/pmiaowu/gpy1q8/ng9b5mu7ltkyi0to
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#codeql
Codeql New Version from 0 to 1 - Xianzhi Community https://xz.aliyun.com/news/16918
1. Case Study - Automated Vulnerability Discovery in JavaSecCode with CodeQL https://www.yuque.com/pmiaowu/gpy1q8/upavb10n5vnit3y3
An Approach to Vulnerability Auditing with CodeQL_n1ght - Xianzhi Community https://xz.aliyun.com/news/18769
Generating a codeql Database That Includes Dependency JARs https://www.n1ght.cn/2025/06/16/codeql%E5%B8%A6%E4%BE%9D%E8%B5%96jar%E5%8C%85%E6%95%B0%E6%8D%AE%E5%BA%93%E7%94%9F%E6%88%90/
CodeQL Pitfall Diary and Rule Sharing https://mp.weixin.qq.com/s/cOXc0MyDXhslTPBENfd4Pg
Analyzing Java Deserialization Gadgets with CodeQL, Part 1: the CC1 Chain - Xianzhi Community https://xz.aliyun.com/news/18578
CodeQL Basics: the River Crossing Problem https://mp.weixin.qq.com/s/CCwWUrRa0K_hcBYEaAe8xQ
Generating CodeQL Databases with Github Actions -- Using the Discovery of the AliyunCTF2024 Chain17 Deserialization Chain as an Example - KingBridge - Cnblogs https://www.cnblogs.com/kingbridge/articles/18100619
aliyun ctf chain17 Review (Very Detailed Walkthrough) - Xianzhi Community https://xz.aliyun.com/news/16179
CodeQL from Beginner to the Grave - FreeBuf Cybersecurity Industry Portal https://www.freebuf.com/articles/web/391242.html
Original Paper | CodeQL Introduction and Basic Usage | CTF导航 https://www.ctfiot.com/215157.html
A Detailed Look at Discovering Deserialization Chains with CodeQL - SecIN https://www.sec-in.com/article/2043
Using codeql to Find the Latest Deserialization Chain in hsqldb2.7.3 - Xianzhi Community https://xz.aliyun.com/news/14260
safe6Sec/CodeqlNote: Codeql study notes https://github.com/safe6Sec/CodeqlNote?tab=readme-ov-file
Automated Code Auditing in Practice | mayylu's blog https://mayylu.github.io/2024/08/02/java/%E8%87%AA%E5%8A%A8%E5%8C%96%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1%E5%AE%9E%E8%B7%B5/
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#参考学习路线-
Preface · Attacking Java Web Applications - [Java Web Security] https://www.javasec.org/
Y4tacker/JavaSec: a rep for documenting my study, may be from 0 to 0.1 https://github.com/Y4tacker/JavaSec?tab=readme-ov-file
A Slow Tour of Java Security (Java安全慢游记) https://www.yuque.com/pmiaowu/gpy1q8
Drun1baby/JavaSecurityLearning: A record of my Java security learning journey, which also amounts to half a learning roadmap https://github.com/Drun1baby/JavaSecurityLearning
phith0n/JavaThings: Share Things Related to Java - material related to the "Java Security Talks" (Java安全漫谈) notes https://github.com/phith0n/JavaThings?tab=readme-ov-file
The Most Complete Java Security Learning Roadmap on Bilibili_bilibili https://www.bilibili.com/video/BV1Sv4y1i7jf/?spm_id_from=333.1007.top_right_bar_window_custom_collection.content.click
LyleMi/Learn-Web-Hacking: Study Notes For Web Hacking https://github.com/LyleMi/Learn-Web-Hacking
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#博客公众号整理
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#博客
Archives | Bmth's blog http://www.bmth666.cn/archives/
Y4tacker: Hacking The World! https://y4tacker.github.io/
All Posts - X1r0z Blog https://exp10it.io/posts/
Jasper_sec https://jaspersec.top/
真爱和自由's Profile Page - Xianzhi Community https://xz.aliyun.com/users/141946/news
Archives - Boogiepop Doesn't Laugh https://boogipop.com/archives/
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#公众号
https://patch-diff.githubusercontent.com/1diot9/MyJavaSecStudy#工具推荐
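vulhub/java-chains: Vulhub Vulnerability Reproduction Designated Platform https://github.com/vulhub/java-chains
jar-analyzer/jar-analyzer: Jar Analyzer - a GUI analysis tool for JAR files: method call relationship search, DFS analysis of method call chains, taint analysis that simulates the JVM to verify DFS results, string search, Java web component entry-point analysis, CFG program analysis, JVM stack frame analysis, and custom expression search. Official documentation: https://docs.qq.com/doc/DV3pKbG9GS0pJS0tk https://github.com/jar-analyzer/jar-analyzer
ReaJason/MemShellParty: A tool for quickly generating memory shells for mainstream Java web middleware, aiming to simplify the workflow of security researchers and red team members and improve attack and defense efficiency https://github.com/ReaJason/MemShellParty
1diot9.github.io https://1diot9.github.io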
java https://patch-diff.githubusercontent.com/topics/java
security https://patch-diff.githubusercontent.com/topics/security
websecurity https://patch-diff.githubusercontent.com/topics/websecurity
websec https://patch-diff.githubusercontent.com/topics/websec
javasecurity https://patch-diff.githubusercontent.com/topics/javasecurity