security-labs-pocs
Proof of concept code for Datadog Security Labs referenced exploits. (by DataDog)
installer
Installer scripts for Eclipse Temurin binaries (by adoptium)
Our great sponsors
security-labs-pocs | installer | |
---|---|---|
9 | 2 | |
412 | 140 | |
0.5% | 0.7% | |
5.0 | 9.1 | |
7 months ago | 3 days ago | |
C | Java | |
GNU General Public License v3.0 or later | Apache License 2.0 |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
security-labs-pocs
Posts with mentions or reviews of security-labs-pocs.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-04-21.
-
Python install for non IT staff
Also to your point, interpreted languages are not as reliably detected by AV/NGAV/EDR/etc. from my experience. You could inquire with your EDR's technical reps or try downloading/running some existing malware written in Python in a disposable VM with your EDR installed and see if it gets picked up. Here are some real-world examples you could use, too: https://github.com/DataDog/security-labs-pocs/tree/main/malware-samples/pypi
- DataDog/security-labs-pocs: Proof of concept code for Datadog Security Labs referenced exploits. Now updated with a vulnerable environment to test out the new Confluence #CVE202226134 vulnerability. Handy.
- GitHub - DataDog/security-labs-pocs: Proof of concept code for Datadog Security Labs referenced exploits.
- Null ECDSA Signatures - Proof of concept for bypassing JWT signature checks using CVE-2022-21449
- Exploitation and Sample Vulnerable Application of the JWT Null Signature Vulnerability (CVE-2022-21449)
-
CVE-2022-21449
Arch as well but the point about responsible disclosure is for the majority of users to have the patch before the vulnerability and POC are published. And I'd bet most Java web things are running on one of the unpatched builds (like Ubuntu with its 10 year LTS).
- Exploitation and Sample Vulnerable Application of the JWT Null Signature Vulnerability (CVE-2022-21449) - not a real app, but fundament technique means it is only time
-
CVE-2022-21449: Psychic Signatures in Java
For anyone looking to reproduce the vulnerability with a sample vulnerable application, my team just released this to showcase it applied to bypass a JWT verification process: https://github.com/DataDog/security-labs-pocs/tree/main/proof-of-concept-exploits/jwt-null-signature-vulnerable-app
installer
Posts with mentions or reviews of installer.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-04-21.
-
CVE-2022-21449
The move to the MS Build was purely because MS had apt repos out about 2 months before Adoptium got their sorted when they moved from Adopt to Adoptium. https://github.com/adoptium/installer/issues/330
-
Fully at a loss when making this server
Additional resources: MultiMC#4452, FTB-Modpack-Issues#603, adoptium/installer#428
What are some alternatives?
When comparing security-labs-pocs and installer you can also consider the following projects:
corretto-17 - Amazon Corretto 17 is a no-cost, multi-platform, production-ready distribution of OpenJDK 17
FTB-Modpack-Issues - Any and all FTB Modpack issues are here! Please create a new issue, add to an existing one or maybe even suggest a feature in the discussions
adoptium
jjwt - Java JWT: JSON Web Token for Java and Android
Installomator - Installation script to deploy standard software on Macs
archfi - Arch Linux Fast Installer : tutorial installer
modlauncher - Java 17 mod launcher
pi-apps - Raspberry Pi App Store for Open Source Projects