Skip to content

Instantly share code, notes, and snippets.

View SerialDOS.java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.HashSet;
import java.util.Set;
// billion-laughs-style DoS for java serialization
public class SerialDOS {
@coekie
coekie / ByteBufferUseAfterFree.java
Created January 20, 2015 22:03
ByteBufferUseAfterFree
View ByteBufferUseAfterFree.java
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.List;
// sub-optimal almost-reliable proof of concept JVM crasher.
// see http://wouter.coekaerts.be/2015/resurrecting-phantomreference
public class ByteBufferUseAfterFree {
private static final int SIZE = 100_000;
public static void main(String[] args) {
@coekie
coekie / FindKirk.java
Created September 9, 2014 22:43
Find Kirk
View FindKirk.java
import java.io.PrintStream;
// Makes it find Kirk every time.
// Works for me every time... but might be system dependent.
public class FindKirk {
public static void main(String[] args) throws InterruptedException {
// warmup, avoiding that initialization taking an identity hash code gets in our way
JavaChampionTest.main();
// hash code 2134400190 is an early twin. 1802421938 comes 2 before the first occurrence,
@coekie
coekie / keybase.md
Created July 14, 2014 21:11
keybase
View keybase.md

Keybase proof

I hereby claim:

  • I am coekie on github.
  • I am coekaerts (https://keybase.io/coekaerts) on keybase.
  • I have a public key whose fingerprint is 8759 8ED3 3D40 C3D4 F36C 7FC9 8158 FB2E F517 1EDE

To claim this, I am signing this object: