Why JEP 411 Will Have a Negative Impact on Java Security

This page summarizes the projects mentioned and recommended in the original post on /r/java

  • ysoserial

    A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

    I think a mistake many people make is they assume it's for untrusted code or applets or something along those lines, but this completely ignores access controls; besides, signed applets were given AllPermission, which was just nuts in my opinion. If you read Li Gong's book "Inside Java 2 Platform Security, Second Edition", he informs the reader that remote data which has the capability to modify state should be treated the same as code. When you take that perspective, it means that Java Serialization and XML parsers should have had an unprivileged domain placed onto the call stack to represent untrusted data. Java Serialization was designed a long time ago; I noticed even tonight a new gadget attack was posted against Java Serialization. https://github.com/frohoff/ysoserial/commit/d367e379d961c18bff28fd2c888a2c8fe0dc6e63#commitcomment-51212711

  • JDK

    JDK main-line development https://openjdk.org/projects/jdk


  • JGDMS

    Infrastructure for providing secured microservices that are dynamically discoverable and searchable over IPv6 networks

    Sun Microsystems policy tool
