Revisiting JavaScriptCore Internals: boxed vs. unboxed

Part 6: There are still many things I haven't explained yet. So in this video we go over boxed vs. unboxed values, how to convert integer addresses to doubles, and why our bug is a memory corruption.

All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Program.
Comments
Author

ArrayBuffers are not only to help security researchers. For example, an online game using a binary websocket protocol would need to decode bytes to floats for the position of players, or health of enemies, etc.

samfoxman
Author

Too bad that this might be the last live overflow video

Zack-Strife
Author

Guys, if you don't understand something it isn't your fault or LiveOverflow being too complex. It just means you're learning something; just rewatch the part you didn't understand and you'll get it. Sure, this series isn't so easy, but if you watch everything carefully you will learn something anyway. Just don't give up, but instead check some other videos dedicated to this subject on this or other channels. GL HF!

SourceDanich
Author

JS typed arrays only exist for making exploitation easier? And here I thought they were a webGL thing

dWHOHWb
Author

Thoughts about the Steam game called "Hacknet"? Would you recommend such a game for a newbie who wants to dig into programming/hacking? I'm already hooked on the subject, and I haven't really figured out where to start my progress. Good content & keep up <3

rubenpetrucza
Author

Can you make a video on Bluetooth communication sniffing? The methodology of Bluetooth packet inspection and the requirements and lab setup for Bluetooth sniffing.

secureitmania
Author

So that's how you corrupt memory to access arbitrary addresses with this exploit! Can this exploit be used to corrupt the browser's memory to gain uXSS powers? Or is the JavaScript thread still isolated to a single web page?

alpo
Author

I'm not the only one that keeps hearing N64 instead of int64, right?

dangeredwolf
Author

I can understand 40% of this video only

patrickstival
Author

Just heard the news that YT is banning instructional hacking channels, like wtf

sharkbeats
Author

Yeah, I haven't understood a single video in this series, but I'm sure one day I will

paprika
Author

So, this video in a nutshell.

The last thing wasn't a memory corruption because it wasn't.
But when you corrupt the memory it becomes a memory corruption.
Thrilling.

realityveil
Author

It's a UTF-8 encoding problem when running: "This Program Cannot Be Run in DOS Mode". That message is from the basic header that every Windows (PE format) executable has. The message (and the code that displays it) is technically editable, but all compilers seem to just emit code that displays that same string and then exits. It's 16-bit executable code (like a DOS .COM file), intended to be displayed when you try to run the program on MS-DOS or similar pre-Windows systems. Windows' program loader typically skips over it.

ebvsfvl