gov-takedowns
marshalsec
gov-takedowns | marshalsec | |
---|---|---|
19 | 7 | |
3,060 | 3,211 | |
0.2% | - | |
2.1 | 0.0 | |
9 months ago | over 1 year ago | |
Java | ||
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
gov-takedowns
- How are Chinese devs able to use Github?
  By complying with the Chinese/Hong Kong government requests: https://github.com/github/gov-takedowns
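- It turns out GitHub has long been publishing government takedown requests
- 编程随想 evidently ended up in prison because of a psychological vulnerability
- Can a mainland China search warrant require GitHub to provide a specified user's personal information, IP address and related information?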
- GitHub suspends Tornado Cash developer account
  Yes, this happened at least once before, when the Spanish government asked GitHub to take down repositories related to applications helping citizens to organize focused protests: https://github.com/github/gov-takedowns/blob/master/Spain/20...
  The group that was focused in the take down requests was "Tsunami Democràtic", which you can find some background information about here: https://en.wikipedia.org/wiki/Democratic_Tsunami
- DMCA Notices Took Down 19,276 GitHub Projects Last Year
- GitHub Text of government takedown notices as received
- Hacker News top posts: Apr 9, 2022
  GitHub Text of government takedown notices as received (27 comments)
- GitHub needs to disable its Roskomnadzor filter
  Which takedown notices from https://github.com/github/gov-takedowns/tree/master/Russia should be reversed? A quick check of recent takedowns is showing gambling/spam sites.
marshalsec
- How do I construct a curl command for a log4shell ldap server?
  I'm using this: https://github.com/mbechler/marshalsec as an LDAP server.
- A Study Notes of Exploit Spring Boot Actuator
  According to the introduction in https://github.com/mbechler/marshalsec/blob/master/marshalsec.pdf, in addition to the javax.script.ScriptEngineManager class, we can also use the com.sun.rowset.JdbcRowSetImpl class to complete the exploitation through JNDI injection. The payload is as follows
- Log4Shell log4j vulnerability (CVE-2021-44228) - cheat-sheet reference guide
  Not sure if that method actually works since LDAP is a different protocol than HTTP? If you're running an HTTP server as the receiver, then your server is just going to be confused by the connection and it might not log anything. You either want to run an LDAP server like https://github.com/mbechler/marshalsec , or have some logging method that triggers on any TCP connection, or use a service like dnslog.cn that can log for you. (although I've seen a lot of companies are now specifically blocking that domain which seems silly).
- GitHub taking down tools allowing defenders to reproduce the Log4j vulnerability
- WTH
- Java Unmarshaller Security – Turning your data into code execution
- Log4j RCE Found
What are some alternatives?
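china-dictatorship - Anti Chinese government propaganda. Friends who live in China and have real name on account, please don't star this repo, or else the police might pay you a visit. Home to the mega-FAQ, news compilation, restaurant and music recommendations. Heil Xi 卐. Coronavirus censorship, Hao Haidong, Xinjiang re-education centers, June 4 incident, Falun Gong, 996.ICU, 709 crackdown, Panama Papers, Deng Jiagui, "low-end population", Tibet unrest. The mainland's constitutional amendment, Hong Kong's draconian law, unifying Taiwan by force, North Korea reneging on its agreement, the US-China cold war and the like are all part of Wang Huning's grand scheme of a far-left "community of common destiny" that makes a fool of Xi Thought. Of the monstrous crimes the CCP has committed in the more than half a century since it stole the country, the early ones were planned by Mao Zedong, the middle ones around June 4 were planned by Deng Xiaoping, scalper data analysis, and the later ones were planned by Wang Huning, Mao's far-left follower and the chief culprit under three leaders. Wang Huning, who did not finish upper primary school, was admitted without examination to a "college foreign-language class" because of the political and intelligence needs of the Cultural Revolution and turned his fortunes around through a red official career, so Wang is far-left by nature. He grew up in the lower-class alleys of Shanghai, and his nature also shaped his lowlife, vulgar character, so people also say he has the nature of a master-switching "chameleon" and "lapdog". People in the mainland like Wang Huning who studied Marxist-Leninist politics, the so-called "law" major, could not find a job matching their major in any country other than North Korea and Cuba, especially in civilized developed countries, and would certainly be unemployed; only in the mainland are they scarce "talent" given important positions, and after the CCP's great crisis of faith following June 4 they were the party-saving "talent" relied on most. This is why fake worker-peasant-soldier "university students" like Wang Huning rose so rapidly: they are the most familiar with the experience and methods of palace infighting from Mao Zedong's successive campaigns and with the violent, terrorizing "political science" of brutal class struggle. Wang Huning rose rapidly on the capital and titles of this pseudo Marxist-Maoist "political science", not on any real learning; those who can get real work done and have some real learning can perhaps be found among the advisers and secretarial staff under him. Wang Huning's "real learning" is nothing more than the methods and experience that a person with only four years of primary school acquired over most of a lifetime of being tempered in society, especially in the rough and tumble of CCP officialdom; he is the same as Xi Jinping and the other fake worker-peasant-soldier "university students" admitted without examination, unable to work in their original "majors" and all entering politics on red capital. During the June 4 student movement, when all sectors overwhelmingly supported the students, Wang Huning went to France for a time to hide and plan; he also joined a signature campaign against the student movement, and as one of the very few opponents of the student movement his official career became prominent; in the CCP's ideological crisis after June 4 and the collapse of the Soviet Union, Jiang Zemin, on taking power, took a liking to Wang Huning, the only one who could deal with the emergency, to plot together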
Java-Deserialization-Cheat-Sheet - The cheat sheet about Java Deserialization vulnerabilities
996.ICU - Repo for counting stars and contributing. Press F to pay respect to glorious developers.
Apache Log4j 2 - Apache Log4j 2 is a versatile, feature-rich, efficient logging API and backend for Java.
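Xi-Yuyan - Xi language, also known as Xi Jinping's Internet programming language of socialism with Chinese characteristics, is an emerging language that reflects Xi Jinping Thought on Socialism with Chinese Characteristics for a New Era; it helps economic development and scientific and technological progress and contributes to the Chinese Dream of the great rejuvenation of the Chinese nation.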
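JNDIExploit - A tool for exploiting JNDI injection. It draws heavily on and reuses code from the Rogue JNDI project, supports directly implanting in-memory shells, integrates common methods for bypassing newer JDK versions, and is suited to use together with automated tools.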
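JNDIExploit-1 - A tool for exploiting JNDI injection. It draws heavily on and reuses code from the Rogue JNDI project, supports directly implanting in-memory shells, integrates common methods for bypassing newer JDK versions, and is suited to use together with automated tools.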
jdk8u - https://wiki.openjdk.org/display/jdk8u
shadowsocks
logging-log4j1 - Apache log4j1
lunasec - LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/