code-audit

This artifact is a security audit and detection guide describing several high-risk file operation vulnerabilities (path traversal, arbitrary read/write/delete, unsafe uploads, header injection, and reflection-based remote method invocation via scheduled jobs). It does not itself contain executable malware, but it includes concrete vulnerable examples and attack payloads that, if present in an application, would enable severe exploitation (arbitrary file read/write/delete and remote code invocation via reflection). Reviewers should prioritize detection/fixes for reflection-invoked scheduled tasks, path concatenation without normalization, unsafe upload checks, and lack of permission controls. Apply the provided remediation patterns (path normalization + startsWith, filename sanitization, MIME+magic checks, whitelist of callable methods for scheduled jobs) and add auditing and least-privilege enforcement.

This document is a security advisory describing HTTP request smuggling and HTTP/2 desync attacks with detection steps, PoCs and recommended mitigations. It is not executable code and does not contain malware, but it contains actionable exploitation steps (PoCs) that can be misused. Review and hardening of proxies, disabling h2c, rejecting mixed or duplicate framing headers, and avoiding custom parsing of CL/TE are recommended. Treat the PoC lines as sensitive and disclose/handle accordingly in responsible contexts.

This is an explicit PoC/penetration-testing guide containing many ready-to-use exploit payloads and examples that can produce RCE, data exfiltration (OOB callbacks), file disclosure, SSRF and other serious impacts if executed against vulnerable systems. The file itself is not obfuscated and does not appear to be a packaged malware artifact, but it is high-risk dual-use content: safe for authorized security testing but dangerous if misused. Treat this document as sensitive offensive tooling—do not run the payloads against systems without explicit authorization.

This document is a security advisory/educational guide demonstrating how Python deserialization APIs can be abused to achieve RCE. The file itself is not an embedded malware package, but it contains explicit exploit PoCs and instructions that can be directly used to attack vulnerable applications. Treat the examples as high-risk content: do not run them in production, and use the provided mitigation guidance to audit and harden code paths that call pickle.loads, yaml.load (without safe loader), jsonpickle.decode, dill.loads, marshal.loads, shelve.open, and similar APIs.