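Mshell - Memory Shell Research for Attack and Defense
At some point, memory shells quietly became a new direction for technical research. On one hand we have grown used to the turnover of techniques and take it calmly; on the other, we are suddenly saddened and dispirited when a technique disappears. Looking back, is technology really the only thing that has suddenly vanished? This project collects and organizes technical material on memory shells, including their principles, implementation methods, and concrete projects. Memory shells are most prominent in the Java ecosystem, so we focus on Java memory shells.
01-Memory Shell Resources
1. Recommended Articles
- [x] Exploring Memory Shells@Tide安全团队
- [x] Java Memory Shell Attack and Defense in Practice: Attack Basics@长亭科技Eki
- [x] Host Security Technology Analysis: A Hands-On Guide to Defending Against Java Memory Shells@长亭科技Eki
- [x] Memory Shells Made Simple (1)@雷石安全实验室
- [x] Memory Shells Made Simple (2)@雷石安全实验室
- [ ] Understanding Memory Shells in One Article@lex1993
- [ ] Java Security Study: Memory Shells@Claradoll
- [x] A Hands-On Guide to Implementing a tomcat Memory Shell@雷石安全实验室
- [ ] The Attack-Defense Contest over Memory Shells@绿盟陈建军
- [ ] Tomcat Memory Shells: Filter/servlet/Listener/valve@godown
- [ ] Spring Memory Shells: Constructing Controller/Interceptor@godown
- [ ] JavaWeb Memory Shells: First-Playthrough Walkthrough@su18
- [ ] JavaWeb Memory Shells: Second-Playthrough Walkthrough@su18
- [ ] The “Life” of a JAVA Memory Shell@ga0weI
- [ ] On Injecting Java Agent Memory Shells Elegantly@rebeyond
- [ ] A Discussion of Java In-Memory Attack Techniques@rebeyond
- [ ] A New Kind of Tomcat Memory Shell – the Upgrade Memory Shell@Sndav
- [ ] The Ghost King Among Shells: JAVAWEB Memory Shells [Understanding]@su18
- [ ] Some Technical Details of Memory Shell Use in Goby [Technical]@su18
- [ ] One-Click Memory Shell Injection via Deserialization Vulnerabilities with Goby [Exploitation]@su18
- [ ] Tomcat Source Code Debugging Notes – the Invisible Shell@n1nty
- [ ] Tomcat Source Code Debugging – the Invisible Shell, Second Form: Enhanced and Traceless@n1nty
- [ ] Java Memory Shell Series-01-Learning the Basics@Drunkbaby
- [ ] Java Memory Shell Series-02-Introduction to Memory Shells@Drunkbaby
- [ ] Java Memory Shell Series-03-Tomcat Filter Memory Shells@Drunkbaby
- [ ] Java Memory Shell Series-04-Tomcat Listener Memory Shells@Drunkbaby
- [ ] Java Memory Shell Series-05-Tomcat Servlet Memory Shells@Drunkbaby
- [ ] Java Memory Shell Series-06-Tomcat Valve Memory Shells@Drunkbaby
- [ ] Java Memory Shell Fundamentals: Learning the Tomcat Architecture@Drunkbaby
- [ ] Java Memory Shells and JSP: What Needs to Be Said@Drunkbaby
- [ ] The Memory Shell Attack-Defense Contest in Practice@renhao
- [ ] Java Exploitation Techniques: Jetty Filter Memory Shells@3gstudent
- [ ] A Brand-New Kind of Memory Shell@veo
- [ ] How to Hold the Last Line of Defense Against Memory Shells in Attack-Defense Exercises?@安芯网盾
- [ ] 安芯网盾 Debuts Its Memory Shell Attack Protection Solution@安芯网盾
- [ ] Analysis of Listener Memory Shell Injection@Sentiment
- [ ] Discovering Memory Shells in a Well-Known Java Framework@4ra1n
- [ ] Scanning, Capturing and Removing Filter/Servlet Memory Shells@c0ny1
- [ ] Webshell Memory Shell Analysis@Geekby
- [ ] Detecting and Removing tomcat Memory Shells from the Defender's Perspective@清水川崎
- [ ] Memory Shell Analysis from Scratch: How to Ride the Horse and Strike Back (1)@Wumingzhilian
- [ ] Memory Shell Analysis from Scratch: How to Ride the Horse and Strike Back (2)@Wumingzhilian
- [ ] Memory Shell Analysis from Scratch: How to Ride the Horse and Strike Back (3)@Wumingzhilian
- [ ] tomcat-Based In-Memory Webshell Fileless Attack Techniques@threedr3am
- [ ] A Brief Analysis of Spring Memory Shells@Sentiment
- [ ] Injecting an Echo Memory Shell via Shiro@Sentiment
- [ ] Injecting an Echo Memory Shell via Tomcat Deserialization@Sentiment
- [ ] A Hard Slog: Struts2 Memory Shells@f0ng
- [ ] The Comeback of Resin Memory Shells@Ha1ey
- [ ] Implementing an Executor Memory Shell@bluE0
- [ ] Implementing an Executor Memory Shell (2)@bluE0
- [ ] A Collection of java Memory Shell Analyses@奈*七
- [ ] A Brief Analysis of JSP Memory Shells@tyskill
- [ ] Python Memory Shell Analysis@H3rmesk1t
- [ ] A Memory Shell Usable on RuoYi@lz2y
- [ ] java filter Shell Persistence@changeServer
- [ ] Injecting a Spring Memory Shell via Fastjson@洋洋
- [ ] Tomcat Memory Shells (1): Listener Type@洋洋
- [ ] Tomcat Memory Shells (2): Filter Type@洋洋
- [ ] JSP Memory Shell Research@藏青
- [ ] All About JSP Webshells: Attack (Part 1)@阿里云云安全中心
- [ ] All About JSP Webshells: Attack (Part 2)@阿里云云安全中心
- [ ] Research on Tomcat-Based Fileless Webshells@l1nk3r
- [ ] java Memory Shells: Attack@dem0
- [ ] A Brief Analysis of Memory Shell Attack Protection Solutions@安芯网盾
- [ ] In-Memory Loading of EXE Files@D4ck
- [ ] Tomcat Memory Shell Detection@jweny
- [ ] Approaches to Detecting Spring Memory Trojans@安全狗
- [ ] Debugging a resin filter Memory Shell Found in the Wild@superxx
- [ ] Tomcat Memory Shells: Valve and WebSocket Types@Lemono
- [ ] Writing a Filter Memory Shell Yourself@s8ark
- [ ] In-Depth Exploitation Research Based on ysoserial (Command Echo and Memory Shells)@盛邦安全WebRAY
- [ ] My Path to Learning tomcat-servlet Memory Shells@superLeeH
- [ ] Injecting a Fileless Tomcat Memory Shell with the CC Chain@godownio
- [ ] Yso-Java Hack Advanced: Delivering Memory Shells via Deserialization Vulnerabilities@yaklang
- [ ] Spring Boot: From RCE to Memory Shells@SecIN技术社区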
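- [ ] MSMAP: A Powerful In-Memory WebShell Generation Tool@Alpha_h4ck
- [ ] How to Load a DLL from Memory@搬运工007
- [ ] Applications of JavaAgent Technology in Memory Shells@安全狗
- [ ] From Java Agent to Memory Shells@蚁景科技
- [ ] Blue Army Countermeasures Series: Building a Persistent weblogic Memory Shell Backdoor@宽字节安全实验室
- [ ] Teasing Master Memory Shell: Valve Memory Shell@potatosafe
- [ ] Teasing Master Memory Shell: Agent Memory Shell (Low-Calorie)@potatosafe
- [ ] Teasing Master Memory Shell: Servlet Memory Shell@potatosafe
- [ ] Teasing Master Memory Shell: Listener Memory Shell@potatosafe
- [ ] Teasing Master Memory Shell: Filter Memory Shell (Extra Sweet)@potatosafe
- [ ] Hand-Building a Filter Memory Shell, from Construction to Use (Memory Shell Series Part 1)@RoboTerh
- [ ] Fully Understanding Servlet Memory Shells (Memory Shell Series Part 2)@RoboTerh
- [ ] Listener Memory Shells, Deep into the Underlying Source (Memory Shell Series Part 3)@RoboTerh
- [ ] Tomcat Architecture: Paving the Way for Bypassing Memory Shell Detection (Memory Shell Series Part 4)@RoboTerh
- [ ] Bypassing Detection: A Brief Analysis of Executor Memory Shells (Memory Shell Series Part 5)@RoboTerh
- [ ] A First Look at Upgrade Memory Shells (Memory Shell Series Part 6)@RoboTerh
- [ ] WebSocket Memory Shells: the tomcat-websocket Source Implementation (Memory Shell Series Part 7)@RoboTerh
- [ ] WebSocket Memory Shells Revisited (Memory Shell Series Part 8)@RoboTerh
- [ ] A First Look at Spring Memory Shells: Controller (Memory Shell Series Part 9)@RoboTerh
- [ ] Spring Memory Shells Revisited: Interceptor (Memory Shell Series Part 10)@RoboTerh
- [ ] A Brief Analysis of Valve Memory Shells in the Tomcat Architecture (Memory Shell Series Part 11)@RoboTerh
- [ ] On Implementing java agent Technology (Memory Shell Series Part 12)@RoboTerh
- [ ] Constructing agent-Type Memory Shells (Memory Shell Series Part 13)@RoboTerh
- [ ] Reproducing spring Echo Methods at the Code Level (Memory Shell Series Part 14)@RoboTerh
- [ ] Finding the Global Request for Tomcat Memory Shell Injection (Memory Shell Series Part 15)@RoboTerh
- [ ] Shortening the Memory Shell Injection Method from the Previous Part (Memory Shell Part 16)@RoboTerh
- [ ] WebSphere Memory Shell Analysis@饼干屑小鬼
- [ ] GlassFish-Filter Memory Shell Analysis@饼干屑小鬼
- [ ] Jetty Memory Shell Injection Analysis@饼干屑小鬼
- [ ] Wildfly Middleware Memory Shell Analysis@饼干屑小鬼
- [ ] Resin Memory Shell Analysis@饼干屑小鬼
- [ ] The TemplatesImpl Gadget Chain and Fastjson Memory Shell Injection@ajie
- [ ] From Deserialization Analysis to Injecting a WebSocket Memory Shell via shiro@ajie
- [ ] A Method for Building a Memory Shell with PHP-FPM@wofeiwo
- [ ] java Filter Memory Shell Analysis@奈*七
- [ ] Spring Interceptor Memory Shell Analysis@yecp
- [ ] Java Memory Shells: A New Way to Obtain StandardContext on All Tomcat Versions@bitterz
- [ ] Resin Echo and Memory Shells@九五二七
- [ ] Memory Shells under ASP.NET (1): filter Memory Shell@yzddmr6
- [ ] Memory Shells under ASP.NET (2): Route Memory Shell@yzddmr6
- [ ] Memory Shells under ASP.NET (3): HttpListener Memory Shell@yzddmr6
- [ ] Memory Shells under ASP.NET (4): VirtualPath Memory Shell@yzddmr6
- [ ] NoAgent Memory Shell Detection Tool@xyyl1l
- [ ] The "Deceive the Heavens to Cross the Sea" Stratagem: Hiding Tomcat Memory Shells@wh4am1
- [ ] From a Vulnerability Rejected by Tomcat to a Special Memory Shell@4ra1n
- [ ] jMG – A Highly Customizable Java Memory Shell Generation Tool@pen4uin
- [ ] Introducing jMG v1.0.5@pen4uin
- [ ] Learning JAVA In-Memory SHELLs@x1a0t
- [ ] Spring Memory Shell@jlkl
- [ ] Spring Memory Shell@ch1e
- [ ] ControllerAdviceBean Memory Shell@ch1e
- [ ] Executor Memory Shell@ch1e
- [ ] Servlet Memory Shell@ch1e
- [ ] Java Memory Shells: Filter Memory Shell@ch1e
- [ ] Executor Memory Shell@cjlusec
- [ ] Automatic Analysis and Removal of Agent Memory Shells@白鹭鹭鹭
- [ ] Research on Fileless Attack Techniques Based on In-Memory Webshells@LandGrey
- [ ] Injecting a spring In-Memory webshell via intercetor@LandGrey
- [ ] Memory Shell Study Zone@Y4tacker
- [ ] Tomcat Servlet-Api Memory Shells: Summary and Code Implementation@automne
- [ ] Huwang Exercise Special, Part 1: Java Memory Shells (I)@零鉴科技
- [ ] Huwang Exercise Special, Part 2: Java Memory Shells (II)@零鉴科技
- [ ] Exploring Fileless Java agent on Linux@Xiaopan233
- [ ] A Brief Discussion of Java Agent Memory Shells@天下大木头
- [ ] Java Agent Memory Shell Attack and Defense@iO快到碗里来
- [ ] Java Agent Memory Shells@X1r0zi
- [ ] JavaAgent Memory Shell Research@藏青
- [ ] Learning Java Agent Memory Shells@bmth
- [ ] From Java Agent to Memory Shells (1)@N0r4h
- [ ] From Java Agent to Memory Shells (2)@N0r4h
- [ ] From Java Agent to Memory Shells@许木
- [ ] The Evolution History of Java Agent Memory Shells@ctfiot
- [ ] An Introduction to Java Agent Memory Shells@PassbyA
- [ ] Tomcat Agent Memory Shells@paoka1
- [ ] Java Agent Memory Shells@viewofthai
- [ ] Java Agent Memory Shells – from Getting Started to Hitting Pitfalls@z3ratu1
- [ ] Java Agent Memory Shell Implementation and Detection@lemono
- [ ] Java Agent Memory Shell Research and Study@JD.Army
- [ ] ServletListenerFilter Memory Shell Detection and Removal, Method 1@RoboTerh
- [ ] Servlet Memory Shell Exploitation Analysis@Sentiment
- [ ] A New Approach Based on Global Storage | Research on a Universal Echo Method for Tomcat@Litch1
- [ ] Msmap Memory Shell Generation Framework (1)@hosch3n
- [ ] Msmap Memory Shell Generation Framework (2)@hosch3n
- [ ] Msmap Memory Shell Generation Framework (3)@hosch3n
- [ ] Java Security: Notes on Using memoryshell in a Real Engagement@7bits
- [ ] Implementing an Executor Memory Shell@深蓝
- [ ] Part 20: Adapting the Behinder Client to JNDIExploit Memory Shells@abc123
- [ ] Memory Shells Made Simple@小*见
- [ ] Detection/Removal Analysis and Code Implementation for WebsocketAndTimer Memory Shells@RoboTerh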
- [ ] https://xz.aliyun.com/t/13268
- [ ] https://github.com/W01fh4cker/LearnJavaMemshellFromZero
- [ ] https://xz.aliyun.com/t/13638
- [ ] https://xz.aliyun.com/t/13640
- [ ] https://xz.aliyun.com/t/13639
2. Open-Source Projects
- [x] https://github.com/topics/memshell
- [x] https://github.com/search?q=memshell
- [x] https://github.com/pen4uin/java-memshell-generator
- [x] https://github.com/hosch3n/msmap
- [x] https://github.com/0x00007c00/JundeadShell
- [x] https://github.com/threedr3am/ZhouYu
- [x] https://github.com/feihong-cs/memShell
- [x] https://github.com/jweny/MemShellDemo
- [x] https://github.com/achuna33/Memoryshell-JavaALL
- [x] https://github.com/achuna33/FuckMemshell
- [x] https://github.com/BeichenDream/GodzillaMemoryShellProject
- [x] https://github.com/ethushiroha/JavaAgentTools
- [x] https://github.com/rebeyond/memShell
- [x] https://github.com/ax1sX/MemShell
- [x] https://github.com/0x727/DropLabTools
- [x] https://github.com/su18/MemoryShell
- [x] https://github.com/safe6Sec/MemoryShell
- [x] https://github.com/NikolaGareth/MemoryShell
- [x] https://github.com/7BitsTeam/LearningAgentShell
- [x] https://github.com/gobysec/Memory-Shell
- [x] https://github.com/XhstormR/memshell-serial
- [x] https://github.com/minhangxiaohui/JAVA_memshells
- [x] https://github.com/kuron3k0/java_memshell
- [x] https://github.com/changheluor007/MemShell-1
- [x] https://github.com/bmth666/memshell
- [ ] https://github.com/Octoberfest7/MemFiles
- [ ] https://github.com/lz2y/yaml-payload-for-ruoyi
- [ ] https://github.com/retry-later/MemoryShell_java
- [ ] https://github.com/AzRunRCE/MemoryShellCodeExploit
- [ ] https://github.com/kyo-w/router-router
- [x] https://github.com/INT2ECALL/Awesome-JavaMemoryShell
- [x] https://github.com/cri1wa/MemShell
- [ ] https://github.com/c0ny1/java-object-searcher
- [ ] https://github.com/pwntester/ysoserial.net
- [ ] https://github.com/veo/vagent
- [ ] https://github.com/rzte/agentcrack
- [ ] https://github.com/veo/ebpf_shell
- [ ] https://github.com/veo/nginx_shell
- [x] https://github.com/ReaJason/MemShellParty
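3. Academic Papers
- [ ] Highly Adversarial In-Memory Webshell Detection Technology for Java@张金莉 陈星辰 et al.
- [ ] Research on a MemShell Detection Technique for the Tomcat Filter Type@蔡国宝 张昆 et al.
4. Other Projects
02-Memory Shell Principles
- [ ] https://0e0w.com/Mshell #Article in progress, not yet public
03-Memory Shells in Practice
1. Tomcat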
- [x] https://github.com/Getshell/TomShell
- [x] https://github.com/ce-automne/TomcatMemShell
- [ ] https://github.com/K4ys0n/TomcatMemShellDemo
- [ ] https://github.com/bitterzzZZ/MemoryShellLearn
- [x] https://github.com/birdhan/Memory
2. Weblogic
- [x] https://github.com/Getshell/WeblogicShell
- [ ] https://github.com/keven1z/weblogic_memshell
- [ ] https://github.com/Y4er/WebLogic-Shiro-shell
3. Spring
- [x] https://github.com/Getshell/SpringShell
- [ ] https://github.com/passer-W/snakeyaml-memshell
- [ ] https://github.com/mieeA/SpringWebflux-MemShell
- [ ] https://github.com/viemsr/spring_cloud_gateway_memshell
4. Shiro
- [ ] https://github.com/KpLi0rn/ShiroVulnEnv
- [ ] https://github.com/yyhuni/shiroMemshell
5. Jboss
6. WebSphere
7. Python
- [ ] https://github.com/iceyhexman/flask_memory_shell
8. .NET
- [ ] https://github.com/crisprss/net_memory_webshell
- [ ] https://github.com/BeichenDream/GodzillaMemoryShellProject.NET
9. Struts2
10. WebSocket
- [x] https://github.com/veo/wsMemShell
- [ ] https://www.freebuf.com/articles/web/339702.html
- [ ] https://paper.seebug.org/1935
- [ ] A Brief Analysis of How Tomcat WebSocket Memory Shells Work@wh1sper
- [ ] https://www.cnblogs.com/duanxz/p/5041110.html
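- [ ] WebSocket Communication Principles and a Detailed Look at the Tomcat Implementation Source@徐同学呀
- [ ] Incident Response for the New websocket Memory Shell@flamingo
11. gRPC
- [ ] The Attack-Defense Contest over Memory Shells: GRPC Memory Shells@绿盟陈建军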
- [ ] https://github.com/snailll/gRPCDemo
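- [ ] gRPC Memory Shell Research and Removal@0goid
99. To Be Sorted
- [ ] Injecting Memory Shells via Shiro Deserialization@ch1e
- [ ] Injecting Memory Shells via Fastjson Deserialization@ch1e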
- [ ] https://github.com/whwlsfb/cve-2022-22947-godzilla-memshell
- [ ] https://github.com/A-D-Team/SharpMemshell
- [ ] https://github.com/threedr3am/JSP-WebShells
- [ ] https://github.com/Boogipop/Netty-WebFlux-Memshell
04-Memory Shell Detection and Removal
- [ ] Giving the Trojan a Pair of Eyes@KyoDream
- [ ] Detecting and Removing Java web filter Memory Shells@c0ny1
- [ ] https://github.com/geekmc/FindShell
- [ ] https://github.com/4ra1n/shell-analyzer
- [ ] https://github.com/c0ny1/java-memshell-scanner
- [ ] https://github.com/LandGrey/copagent
- [ ] https://github.com/alibaba/arthas
- [ ] https://github.com/sf197/MemoryShellHunter
- [ ] https://github.com/cri1wa/DefendMemoryShell
- [ ] https://github.com/tovd-go/java-memshell-scan
- [ ] https://github.com/huoji120/DuckMemoryScan
- [ ] https://github.com/threedr3am/GuanYu
- [ ] https://mp.weixin.qq.com/s/y6qEtfhdA8Udmvxuh7H12Q
05-Memory Shell References
- [ ] https://github.com/pen4uin
- [ ] https://github.com/threedr3am
- [ ] https://github.com/Getshell/Webshell
- [ ] https://github.com/HackJava/HackJava
- [ ] https://github.com/HackJava/JNDI
- [ ] https://github.com/HackJava/jspshell
- [ ] https://github.com/RoboTerh