Skip to content

@software-engineering-and-security Software Engineering and Security group at Umeå University

Change the repository type filter

All

    Repositories list

    20 repositories

    • Drtti

      Public
      Drtti is a plugin for Ghidra and is a static analysis tool that automates the identification and extraction of run-time type information stored within Delphi bi…
      Java
      Apache License 2.0
      0000Updated May 19, 2026May 19, 2026

    • loom-android-malware-detection

      Public
      "Loom: A Balanced String-Based Transformer for Android Malware Detection (ICICS 2026)"
      Python
      MIT License
      0200Updated May 15, 2026May 15, 2026

    • TypeConfusionStats

      Public
      Short study on the presence of type confusion vulnerabilities in the Java and Android runtimes
      0000Updated Apr 30, 2026Apr 30, 2026

    • gadgetbuilder

      Public
      A new Java Deserialization Gadget Chain payload generator as an overhaul to Ysoserial.
      Java
      1700Updated Apr 6, 2026Apr 6, 2026

    • cfighter

      Public
      Rust
      0000Updated Dec 27, 2025Dec 27, 2025

    • bugfu

      Public
      BugFu, a tool to bugfuscate programs
      androidjavaobfuscation
      androidjavaobfuscationbytecodejvmstatic-analysisbugcode-reviewvulnerabilitysupply-chain-security
      Java
      0200Updated Dec 5, 2025Dec 5, 2025

    • MaintainForwardPorting-ICSME2025

      Public
      C
      0000Updated Oct 10, 2025Oct 10, 2025

    • SleepingGiants

      Public
      A dataset for dependencies susceptible to hiding Java deserialization gadgets and injection framework.
      Jupyter Notebook
      GNU General Public License v3.0
      0100Updated Sep 8, 2025Sep 8, 2025

    • ConfuseTaint

      Public
      A proof-of-concept that exploits type confusion to bypass dynamic taint analysis.
      Java
      Apache License 2.0
      0100Updated Aug 19, 2025Aug 19, 2025

    • cfi-practical-guideline

      Public
      SoK: Preventing Real-World Exploits: A Practical Guideline and Taxonomy to LLVM's Control Flow Integrity
      0100Updated Aug 19, 2025Aug 19, 2025

    • Gleipner

      Public
      A benchmark for Java gadget chain detecting algorithms.
      Java
      11600Updated Jun 20, 2025Jun 20, 2025

    • SeeCFI

      Public
      Python
      0300Updated Oct 15, 2024Oct 15, 2024

    • Gadgecy

      Public
      A tool and dataset for detecting dependencies used in known Java gadget chains.
      Python
      GNU General Public License v3.0
      0500Updated Jun 15, 2024Jun 15, 2024

    • confuzzion

      Public
      Confuzzion is a Java Virtual Machine (JVM) fuzzer generating Java programs to find bugs and vulnerabilities in the Java VM.
      javatestingsecurity
      javatestingsecurityjvmbugcrashesvulnerabilitycode-generationvulnerabilitiesfuzzer
      Java
      2701Updated May 24, 2024May 24, 2024

    • ysoserial

      Public
      A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
      Java
      MIT License
      1.9k000Updated Dec 27, 2023Dec 27, 2023

    • AndroidsJCL-SecDev23

      Public
      Artifacts of our SecDev 2023 paper "An In-Depth Analysis of Android’s Java Class Library: its Evolution and Security Impact"
      androidsecurityjvm
      androidsecurityjvmclassvulnerabilitydalvikopenjdkexposuretlsh
      Java
      0000Updated Oct 4, 2023Oct 4, 2023

    • javaDesatChecker.web

      Public
      Web pages and other artefacts generated with javaDesatChecker
      HTML
      0000Updated Jun 13, 2023Jun 13, 2023

    • java-deserialization-rce

      Public
      An In-depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities
      0100Updated Jul 15, 2022Jul 15, 2022

    • pshape

      Public
      Inspector-gadget (a.k.a. PSHAPE - Practical Support for Half-Automated Program Exploitation) is an open source tool which assists analysts in exploit developmen…
      exploitgadgetspshape
      exploitgadgetspshapeinspector-gadget
      0000Updated Jul 7, 2022Jul 7, 2022

    • inspector-gadget

      Public
      Inspector-gadget (a.k.a. PSHAPE - Practical Support for Half-Automated Program Exploitation) is an open source tool which assists analysts in exploit developmen…
      exploitregistervulnerability
      exploitregistervulnerabilitygadgetsgadget-chainpshapeinspector-gadget
      Python
      GNU Lesser General Public License v2.1
      52700Updated Dec 17, 2019Dec 17, 2019
    ProTip! When viewing an organization's repositories, you can use the props. filter to filter by custom property.