Simple script that fixes all InaccessibleObjectException or IllegalAccessError for ysoserial using Java 17 · GitHub
November 20, 2025 at 9:00:36 AM UTC * - permalink -

- https://gist.github.com/JorianWoltjer/5210e99c13189446ece5ffe3e9fe3d90

Attacking Java RMI via SSRF | qtc's blog
December 31, 2021 at 2:27:06 PM UTC - permalink -

- https://blog.tneitzel.eu/posts/01-attacking-java-rmi-via-ssrf/

CVE-2017-12149 Exploited in Wild | Praveen's Blogspot
October 25, 2021 at 1:40:23 PM UTC - permalink -

- https://praveenp13.wordpress.com/2018/01/20/cve-2017-12149-exploited-in-wild/

java.lang.Runtime.exec() Payload Workarounds - @Jackson_T
October 21, 2021 at 12:49:07 PM UTC * - permalink -

- https://ares-x.com/tools/runtime-exec/

Experiences in pentesting DWR |
October 14, 2021 at 11:39:21 AM UTC - permalink -

- http://aetherlab.net/2012/09/experiences-in-pentesting-dwr/

What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.
September 10, 2021 at 9:19:13 PM UTC - permalink -

- https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/

Exploiting JMX RMI | Optiv
July 13, 2021 at 3:04:49 PM UTC - permalink -

- https://web.archive.org/web/20201027062446/https://www.optiv.com/explore-optiv-insights/blog/exploiting-jmx-rmi

qtc-de/beanshooter: JMX enumeration and attacking tool.
July 13, 2021 at 1:12:53 PM UTC - permalink -

- https://github.com/qtc-de/beanshooter

The Java Soothsayer: A practical application for insecure randomness. (Includes free 0day)
July 13, 2021 at 11:16:14 AM UTC * - permalink -

- https://web.archive.org/web/20180315203404/https://medium.com/@alex91ar/the-java-soothsayer-a-practical-application-for-insecure-randomness-c67b0cd148cd

Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) | PortSwigger Research
June 29, 2021 at 1:03:41 PM UTC - permalink -

- https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464

ORACLE-BASE - Shell Commands From PL/SQL
March 10, 2021 at 11:45:39 AM UTC - permalink -

- https://oracle-base.com/articles/8i/shell-commands-from-plsql

Stackifier
October 28, 2020 at 4:52:10 PM UTC - permalink -

- http://www.stackifier.com/

Issues · FasterXML/jackson-databind
October 27, 2020 at 1:49:47 PM UTC - permalink -

- https://github.com/FasterXML/jackson-databind/issues?page=1&q=label%3ACVE

jackson_deserialization.pdf
September 1, 2020 at 3:23:05 PM UTC - permalink -

- https://www.nccgroup.com/globalassets/our-research/us/whitepapers/2018/jackson_deserialization.pdf

Exploiting the Jackson RCE: CVE-2017-7525 — Adam Caudill
April 30, 2020 at 9:12:35 AM UTC - permalink -

- https://adamcaudill.com/2017/10/04/exploiting-jackson-rce-cve-2017-7525/

The Supreme Backdoor Factory - dfir it!
March 6, 2019 at 4:45:31 PM UTC - permalink -

- https://dfir.it/blog/2019/02/26/the-supreme-backdoor-factory/

GitHub - quentinhardy/jndiat: JNDI Attacking Tool
December 13, 2018 at 5:50:23 PM UTC - permalink -

- https://github.com/quentinhardy/jndiat