Skip to content

Instantly share code, notes, and snippets.

Wouter Coekaerts coekie

Block or report user

Report or block coekie

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View SerialDOS.java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.HashSet;
import java.util.Set;
// billion-laughs-style DoS for java serialization
public class SerialDOS {
View ByteBufferUseAfterFree.java
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.List;
// sub-optimal almost-reliable proof of concept JVM crasher.
// see http://wouter.coekaerts.be/2015/resurrecting-phantomreference
public class ByteBufferUseAfterFree {
private static final int SIZE = 100_000;
public static void main(String[] args) {
View FindKirk.java
import java.io.PrintStream;
// Makes it find Kirk every time.
// Works for me every time... but might be system dependent.
public class FindKirk {
public static void main(String[] args) throws InterruptedException {
// warmup, avoiding that initialization taking an identity hash code gets in our way
JavaChampionTest.main();
// hash code 2134400190 is an early twin. 1802421938 comes 2 before the first occurrence,
View keybase.md

Keybase proof

I hereby claim:

  • I am coekie on github.
  • I am coekaerts (https://keybase.io/coekaerts) on keybase.
  • I have a public key whose fingerprint is 8759 8ED3 3D40 C3D4 F36C 7FC9 8158 FB2E F517 1EDE

To claim this, I am signing this object:

You can’t perform that action at this time.