We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Describe the bug 代码执行后,我们可以通过theUnsafe去实例化一个对象且不调用他的构造方法,之后去执行对象的native方法,另外需要注意Unsafe的其他方法,也能用于bypass。 https://tech.meituan.com/2019/02/14/talk-about-java-magic-class-unsafe.html
demo: https://github.com/turn1tup/JvmRaspBypass/blob/main/src/main/java/com/test/Cmd.java
The text was updated successfully, but these errors were encountered:
这应该是所有基于instrument的JVM RASP应用无法避免的问题,直接调用native方法会被绕过,目前能缓解的方案是部署整套Elkeid方案,因为driver层面是无法被绕过的。RASP主要是作为定位代码漏洞的手段,提供调用栈和代码行号等信息。
Sorry, something went wrong.
或许之后可以考虑在JVM层面对native方法进行inline hook
如果不考虑性能影响,可以对Method.setAccessible、Method.invoke等api进行hook,那么该bypass行为便能感知,并且可以配置相应的阻断规则。
No branches or pull requests
Describe the bug
代码执行后,我们可以通过theUnsafe去实例化一个对象且不调用他的构造方法,之后去执行对象的native方法,另外需要注意Unsafe的其他方法,也能用于bypass。
https://tech.meituan.com/2019/02/14/talk-about-java-magic-class-unsafe.html
demo:
https://github.com/turn1tup/JvmRaspBypass/blob/main/src/main/java/com/test/Cmd.java
The text was updated successfully, but these errors were encountered: