frohoff
building things, breaking things, building things that break things. ysoserial night janitor. journeyman ctf plumber. he/him
San Diego, CA
Pinned Repositories
appseccali-marshalling-pickles
Slide deck from AppSecCali 2015 Talk "Marshalling Pickles: how deserializing objects will ruin your day"
ciphr
CLI crypto swiss-army knife for performing and composing encoding, decoding, encryption, decryption, hashing, and other various cryptographic operations on streams of data from the command line; mostly intended for ad hoc, infosec-related uses.
grepcidr
from http://www.pc-tools.net/unix/grepcidr/
inspector-gadget
Primitive tool for exploring/querying Java classes via the Tinkerpop Gremlin graph traversal language
jdk8u-dev-jdk
jdk8u-jdk
marshalsec
owaspsd-deserialize-my-shorts
Slide deck from OWASP SD Talk "Deserialize My Shorts: Or How I Learned to Start Worrying and Hate Java Object Deserialization"
ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
frohoff's Repositories
frohoff/inspector-gadget
Primitive tool for exploring/querying Java classes via the Tinkerpop Gremlin graph traversal language
frohoff/appseccali-marshalling-pickles
Slide deck from AppSecCali 2015 Talk "Marshalling Pickles: how deserializing objects will ruin your day"
frohoff/sleepyhead
imported from https://sourceforge.net/projects/sleepyhead/
frohoff/grepcidr2
from http://www.taugh.com/grepcidr-2/
frohoff/Java-Deserialization-Cheat-Sheet
The cheat sheet about Java Deserialization vulnerabilities
frohoff/owaspsd-deserialize-my-shorts
Slide deck from OWASP SD Talk "Deserialize My Shorts: Or How I Learned to Start Worrying and Hate Java Object Deserialization"
frohoff/revsh
A remote access tool for pentesters designed for advanced pivoting.
frohoff/jdk7u
frohoff/jdk6
frohoff/self-compile-Android
Autonomous smartphone app. Capable of self-compilation, mutation, and viral spreading. World-first proof-of-principle to bypass Internet kill switches.
frohoff/frohoff.github.io
Github Pages Site
frohoff/lambda-zip-test
docker run -v [homedir]/.aws/:/root/.aws/ -e AWS_DEFAULT_PROFILE=[profilename] [containerid]
frohoff/pwnableweb-scoreboard
Scoreboard for CTF Competitions
frohoff/pyvmomi-community-samples
A place for community contributed samples for the pyVmomi library.
frohoff/background-check
Automatically switch to a darker or a lighter version of an element depending on the brightness of images behind it.
frohoff/chris.frohoff.org
frohoff/commons-beanutils
Mirror of Apache Commons Beanutils
frohoff/commons-collections
Mirror of Apache Commons Collections
frohoff/ctf-scoreboard-1
Repository for the MITRE Capture the Flag scoreboard.
frohoff/ctfscoreboard
Scoreboard for Capture The Flag competitions, used by the Google CTF event
frohoff/docker-apache
frohoff/docker-compose-ui
web interface for Docker Compose
frohoff/emailgrades
frohoff/exserial
Java Untrusted Deserialization Exploits Tools
frohoff/frohoff.org
frohoff/iptrap
A simple, but damn fast sinkhole
frohoff/JavaUnserializeExploits
frohoff/jOOR
jOOR - Fluent Reflection in Java jOOR is a very simple fluent API that gives access to your Java Class structures in a more intuitive way. The JDK's reflection APIs are hard and verbose to use. Other languages have much simpler constructs to access type meta information at runtime. Let us make Java reflection better.
frohoff/sinkholeupdate
Using RPZ this script helps to add and remove entries into a Bind DNS Server
frohoff/SmartThingsPublic