whip_lash : java   16

mstrobel / Procyon / wiki / Java Decompiler — Bitbucket
As a developer who splits his time between the .NET and Java platforms, I have been surprised and dismayed by the lackluster selection of decompilers in the Java ecosystem. Jad (no longer maintained, closed source) and JD-GUI (GPL3) are pretty decent choices, but the former does not support Java 5+ language features, and the latter tends to barf on code emitted by my LINQ/DLR tree compiler.

To address the situation, I recently started developing a decompiler myself, inspired by (and borrowed heavily from) ILSpy and Mono.Cecil.
code  decompiler  java  opensource 
january 2019 by whip_lash
From blind XXE to root-level file read access | Honoki
Below, I will outline the thought process that helped me make sense of what I encountered, and that in the end allowed me to elevate what seemed to be a medium-criticality vulnerability into a critical finding.

I will put deliberate emphasis on the various error messages that I encountered in the hope that it can point others in the right direction in the future.
java  security  xxe  pentest 
december 2018 by whip_lash
Oracle Plans to Drop Java Serialization Support, the Source of Most Security Bugs
Oracle plans to drop support for data serialization/deserialization from the main body of the Java language
java  deserialization 
may 2018 by whip_lash
Attacking Java Deserialization | NickstaDB
In this blog post I’ll attempt to clear up some confusion around deserialization vulnerabilities and hopefully lower the bar to entry in exploiting them using readily available tools. I’ll be focusing on Java, however the same concepts apply to other languages. I’ll also be focusing on command execution exploits in order to keep things simple.
java  pentesting  webapp  deserialization 
may 2018 by whip_lash
IORAD Makes Explaining Step-by-Step Computer Instructions Easier
If you're the one who has to explain computer things to co-workers, friends, or family members, IORAD knows your pain. The webapp is set up specifically to capture screens and video demonstrations, then annotate them with easy-to-grasp tools.
java  software  sysadmin 
july 2010 by whip_lash
In sophisticated languages like Java, there are so many details that learning these
details often becomes the focus of the course. When that happens, the much more critical
issues of problem solving tend to get lost in the shuffle. By starting with Karel, you can
concentrate on solving problems from the very beginning. And because Karel encourages
imagination and creativity, you can have quite a lot of fun along the way.
java  tutorial  education 
august 2009 by whip_lash
