Video series about getting started with memory corruptions in WebKit
New Series: Getting Into Browser Exploitation
The start of a new series. We will try to learn some basics about Browser Exploitation.
We are going to try out Linus's exploit and set up a vulnerable WebKit version, including debug symbols.
The Butterfly of JSObject
WebKit RegExp Exploit addrof() walk-through
The fakeobj() Primitive: Turning an Address Leak into a Memory Corruption
We go over boxed vs. unboxed values, how to convert addresses to doubles, and why our bug is a memory corruption.
Preparing for Stage 2 of a WebKit Exploit
Setting the foundation for an arbitrary read/write (and re-implementing addrof and fakeobj).