_TLDR: This blog is for a complete understanding of Java serialization attacks, and it includes a walkthrough of the CerealCTF-LinuxV2 (Tony the Tiger) boot2root machine._

WHAT IS SERIALIZATION AND DESERIALIZATION IN JAVA

‘OBJECTS IN JAVA’


Java is an object-oriented programming language, so it includes the concept of ‘objects’.

‘Objects’ are the basic unit of Object-Oriented Programming and represent real-life entities. A typical Java program creates many objects, which, as you know, interact by invoking methods.

An object consists of:

  1. **State**: It is represented by the attributes of an object. It also reflects the properties of an object.
  2. **Behavior**: It is represented by the methods of an object. It also reflects the response of an object to other objects.
  3. **Identity**: It gives a unique name to an object and enables one object to interact with other objects.

For more info on objects refer to https://geeksforgeeks.org/classes-objects-java/

WHAT IS BYTE STREAM

Java byte streams are used to perform input and output of 8-bit bytes.

Byte streams process data byte by byte (8 bits). For example, FileInputStream is used to read from a source and FileOutputStream to write to a destination. Java serialization writes an object's state into such a byte stream, and deserialization rebuilds the object from it, which is why the data the stream carries has to be trusted.
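As an added example (not code from the original post, which has none), a small Serializable class is written to a byte stream and read back, with a deserialization filter on the read side so that only the expected class is accepted; the Cereal class, its fields and the filter pattern are assumptions for illustration:

```java
import java.io.*;

// Added example: serialize an object to a byte stream and read it back
// through an ObjectInputFilter allow-list (Java 9+).
public class SerializationDemo {

    // Hypothetical class for illustration; the page defines no such class.
    static class Cereal implements Serializable {
        private static final long serialVersionUID = 1L;
        String name;   // state
        int calories;  // state
        Cereal(String name, int calories) { this.name = name; this.calories = calories; }
    }

    // Serialize: object -> byte stream. ObjectOutputStream wraps a byte-oriented stream,
    // here an in-memory one instead of a FileOutputStream.
    static byte[] serialize(Object obj) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(obj);
        }
        return bos.toByteArray();
    }

    // Deserialize: byte stream -> object. The filter accepts only Cereal and rejects
    // every other class name ("!*") before any of its readObject logic can run.
    static Object deserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(ObjectInputFilter.Config.createFilter(
                    "SerializationDemo$Cereal;!*"));
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] bytes = serialize(new Cereal("Frosties", 110));
        // Every Java serialization stream begins with the magic bytes 0xAC 0xED.
        System.out.printf("stream header: %02x %02x, %d bytes%n",
                bytes[0] & 0xff, bytes[1] & 0xff, bytes.length);
        Cereal back = (Cereal) deserialize(bytes);
        System.out.println(back.name + " " + back.calories);
    }
}
```

Feeding the same `deserialize` a stream that names any other class makes `readObject` throw an `InvalidClassException` ("filter status: REJECTED") rather than instantiating it.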


A Comprehensive guide to JAVA Serialization vulnerability