Popular repositories

1. CVE-2021-25641-Proof-of-Concept CVE-2021-25641-Proof-of-Concept Public

   Apache/Alibaba Dubbo <= 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Data; Affects Versions <= 2.7.6 With Different Gadgets

   Java 54 13

2. CVE-2019-17564-FastJson-Gadget CVE-2019-17564-FastJson-Gadget Public

   Basic code for creating the Alibaba FastJson + Spring gadget chain, as used to exploit Apache Dubbo in CVE-2019-17564 - more information available at https://www.checkmarx.com/blog/apache-dubbo-una…

   Java 15 2

3. Browserat Browserat Public

   A POC reverse shell that can utilize multiple major web-browsers to provide remote access. Intended to demonstrate remote control of an endpoint within a high security network, if that endpoint is …

   Python 9 2

4. ActivitySurrogateSelector-.NET-3.5-Exploit-Generator ActivitySurrogateSelector-.NET-3.5-Exploit-Generator Public

   Simple tool to create deserialization attack gadget chains for older .NET 3.5 applications using BinaryFormatter, ObjectStateFormatter, SoapFormatter or LosFormatter. Original ActivitySurrogateSele…

   C# 4 1

5. MSMQ-BinaryMessageFormatter-Exploit-for-.NET-4.5 MSMQ-BinaryMessageFormatter-Exploit-for-.NET-4.5 Public

   This exploit was demonstrated in the talk "(DE)SERIAL KILLERS" in BSides Las Vegas 2018. It demonstrates exploitation against demo code provided by Microsoft for BinaryMessageFormatter, at https://…

   C# 2 2

6. MSMQ-BinaryMessageFormatter-Exploit-for-.NET-3.5 MSMQ-BinaryMessageFormatter-Exploit-for-.NET-3.5 Public

   This exploit was demonstrated in the talk "(DE)SERIAL KILLERS" in BSides Las Vegas 2018. It demonstrates exploitation in .NET 3.5 against demo code provided by Microsoft for BinaryMessageFormatter,…

   C# 2 2