security-labs-pocs
adoptium
Our great sponsors
security-labs-pocs | adoptium | |
---|---|---|
9 | 150 | |
412 | 173 | |
0.5% | 1.2% | |
5.0 | 7.0 | |
7 months ago | 10 days ago | |
C | ||
GNU General Public License v3.0 or later | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
security-labs-pocs
-
Python install for non IT staff
Also to your point, interpreted languages are not as reliably detected by AV/NGAV/EDR/etc. from my experience. You could inquire with your EDR's technical reps or try downloading/running some existing malware written in Python in a disposable VM with your EDR installed and see if it gets picked up. Here are some real-world examples you could use, too: https://github.com/DataDog/security-labs-pocs/tree/main/malware-samples/pypi
- DataDog/security-labs-pocs: Proof of concept code for Datadog Security Labs referenced exploits. Now updated with a vulnerable environment to test out the new Confluence #CVE202226134 vulnerability. Handy.
- GitHub - DataDog/security-labs-pocs: Proof of concept code for Datadog Security Labs referenced exploits.
- Null ECDSA Signatures - Proof of concept for bypassing JWT signature checks using CVE-2022-21449
- Exploitation and Sample Vulnerable Application of the JWT Null Signature Vulnerability (CVE-2022-21449)
-
CVE-2022-21449
Arch as well but the point about responsible disclosure is for the majority of users to have the patch before the vulnerability and POC are published. And I'd bet most Java web things are running on one of the unpatched builds (like Ubuntu with its 10 year LTS).
- Exploitation and Sample Vulnerable Application of the JWT Null Signature Vulnerability (CVE-2022-21449) - not a real app, but fundament technique means it is only time
-
CVE-2022-21449: Psychic Signatures in Java
For anyone looking to reproduce the vulnerability with a sample vulnerable application, my team just released this to showcase it applied to bypass a JWT verification process: https://github.com/DataDog/security-labs-pocs/tree/main/proof-of-concept-exploits/jwt-null-signature-vulnerable-app
adoptium
-
How can I implement a simple asynchronous DRAM controller? (2018)
Used the recommended JRT https://adoptium.net/
Wandered through the https://github.com/hneemann/Digital site and saw past issues with JRT but no obvious solution.
I have a couple hundred GALs of same or similar model number of new old stock
-
I REALLY NEED HELP WITH THIS SERVER, HUGE ISSUE PLZ
Oracle Java is shit use https://adoptium.net/ or another one
- ClickHouse Keeper: A ZooKeeper alternative written in C++
- OpenTF Renames Itself to OpenTofu
-
JDK 21 Release Notes
Some options for those who prefer to avoid the Oracle minefield:
https://adoptium.net
https://aws.amazon.com/corretto
https://www.azul.com/downloads
https://bell-sw.com/pages/downloads
Sadly, no-one has managed to package it yet, but we should get something in the next couple of days. Since 21 is an "LTS" release, major Linux distributions will provide a runtime pretty soon. Ubuntu backports them to old releases too.
- Any JavaFX+Linux user here?
-
Downloading Java... couldn't find what I needed when searching the subreddit
https://adoptium.net/ This link?
-
Please help!!!! (MultiMc problem)
I'm using this one on MultiMC. https://adoptium.net/
-
Help how 2 do this
some of these will take care of java for you, others are more manual. if you need java, I recommend https://adoptium.net/
-
Few general questions from hopefully Java beginner-to-be?
You can totally use VSCode. It's Java support is quite good (it really uses Eclipse under the hood basically). You can compile Java code by hand if you install the Java Development Kit. You can also use a build tool to help you. Maven is the most used one. It has a bit of a learning curve but makes using libraries a lot easier.
What are some alternatives?
corretto-17 - Amazon Corretto 17 is a no-cost, multi-platform, production-ready distribution of OpenJDK 17
ATLauncher - ATLauncher is a Launcher for Minecraft which integrates multiple different ModPacks to allow you to download and install ModPacks easily and quickly.
jjwt - Java JWT: JSON Web Token for Java and Android
docker-images - Official source of container configurations, images, and examples for Oracle products and projects
javafx-gradle-plugin - Gradle plugin that makes it easy to work with JavaFX 11+
adoptium.net - Development of the website has moved to https://github.com/adoptium/website-v2
SDKMan - The SDKMAN! Command Line Interface
PolyMC - A custom launcher for Minecraft that allows you to easily manage multiple installations of Minecraft at once (Fork of MultiMC)
prime-mvc - Prime MVC is a high performance Model View Controller framework built in Java.
FrameworkBenchmarks - Source for the TechEmpower Framework Benchmarks project
amber-docs - https://openjdk.org/projects/amber