Skip to content
View yulate's full-sized avatar
141 followers · 62 following

Achievements

Achievement: Starstruckx2Achievement: Arctic Code Vault Contributor

Achievements

Achievement: Starstruckx2Achievement: Arctic Code Vault Contributor

Block or report yulate

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
yulate/README.md

Hi there 👋

Security Researcher | AI for Security | AI for Code

Conferences

Black Hat Asia 2026
More JVM Memory Shells – JVM Memory Shell Auto Searching Program
Singapore

An automated framework for discovering JVM memory shells through static analysis, runtime instrumentation, and in-memory inspection.

https://blackhat.com/asia-26/briefings/schedule/#more-jvm-memory-shells---jvm-memory-shell-auto-searching-program-50558

Alibaba Cloud White Hat Conference 2025
Breaking Consensus: From Raft Leader Hijacking to Distributed System Takeover

Analysis of security assumptions in the Raft consensus protocol and a full exploit chain from leader hijacking to distributed system compromise by combining consensus abuse with deserialization vulnerabilities.

https://www.yulate.com/post/LGnP-XXPvc/

Xianzhi Security Salon 2025
Deep JDBC Security: Special URL Constructs and In-Network Deserialization Exploit Techniques

Research on JDBC URL parsing inconsistencies, driver-level attack surfaces, and practical exploitation techniques with PoC demonstrations.

https://github.com/yulate/jdbc-tricks

selected CVEs

Contact

Email: yulate531@gmail.com
Website: https://yulate.com

Pinned Loading

  1. jdbc-tricks jdbc-tricks Public

    《深入JDBC安全:特殊URL构造与不出网反序列化利用技术揭秘》对应研究总结项目 "Deep Dive into JDBC Security: Special URL Construction and Non-Networked Deserialization Exploitation Techniques Revealed" - Research Summary Project

    Java 570 43

  2. CtfAgent CtfAgent Public

    ctf awd比赛快速hook java题,提供一键流量转发,无痛修复

    Java 56 6

  3. ReflectorMate ReflectorMate Public

    idea插件,快速生成反序列化中常用的方法,比如setFieldValue、createTemplatesImpl等

    Java 29 2

  4. tabby-pipeline tabby-pipeline Public

    用于快速启动tabby 分析漏洞或者gadget的环境

    Shell 94 4

  5. slides slides Public

    Forked from X1r0z/presentations

    My presentation slides

    3