LiveOverflow

explore weird machines...

Arbitrary Read and Write in WebKit Exploit - browser 0x08

We achieve arbitrary read/write in the JavaScriptCore of WebKit

Browser Exploitation
LiveOverflow

Preparing for Stage 2 of a WebKit exploit - browser 0x07

Setting the foundation for an arbitrary read/write (and re-implementing addrof and fakeobj).

Browser Exploitation
LiveOverflow

Speedrun Hacking Buffer Overflow - speedrun-001 DC27

Simple buffer overflow speedrun challenge, exploited with a ROP chain generated by Ropper, followed by an analysis of the timeline.

Capture The Flag
LiveOverflow

Revisiting JavaScriptCore Internals: boxed vs. unboxed - browser 0x06

We go over the boxed vs. unboxed values, how to convert addresses to doubles and why our bug is a memory corruption.

Browser Exploitation
LiveOverflow

The fakeobj() Primitive: Turning an Address Leak into a Memory Corruption - browser 0x05

In this video we turn the bug used in addrof() to corrupt the memory of internal JavaScriptCore Objects which can help us to compromise the engine.

Browser Exploitation
LiveOverflow

WebKit RegExp Exploit addrof() walk-through - browser 0x04

We finally look at the actual exploit code! We start with the addrof() primitive, which can leak the address of a JavaScript object in memory.

Browser Exploitation
LiveOverflow

Just-in-time Compiler in JavaScriptCore - browser 0x03

Looking at the WebKit JIT compiler - the part that converts JavaScript bytecode to machine code.

Browser Exploitation
LiveOverflow

The Butterfly of JSObject - browser 0x02

Let's have a look at how JavaScriptCore implements JavaScript Objects and values like integers and floats. We can use lldb to look into the memory.

Browser Exploitation
LiveOverflow

Setup and Debug JavaScriptCore / WebKit - browser 0x01

We are going to try out Linus's exploit and set up a vulnerable WebKit version including debug symbols.

Browser Exploitation
LiveOverflow