<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Home on shxdow</title><link>https://shxdow.me/</link><description>Recent content in Home on shxdow</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Thu, 12 Oct 2023 00:00:00 +0000</lastBuildDate><atom:link href="https://shxdow.me/index.xml" rel="self" type="application/rss+xml"/><item><title>Analysis of CVE-2023-32439: a Type Confusion Bug</title><link>https://shxdow.me/cve-2023-32439/</link><pubDate>Thu, 12 Oct 2023 00:00:00 +0000</pubDate><guid>https://shxdow.me/cve-2023-32439/</guid><description>Introduction JavaScriptCore, the engine powering web browsers like Safari, employs advanced optimization layers to enhance JavaScript performance. These layers employ sophisticated techniques to analyze and optimize code, improving execution speed and memory efficiency. From baseline compilation to just-in-time (JIT) compilation, these layers adapt to runtime conditions, minimizing overhead and maximizing the application&amp;rsquo;s responsiveness. Leveraging a blend of adaptive optimizations and inline caching, JavaScriptCore&amp;rsquo;s optimization layers play a vital role in achieving optimal performance for modern web applications.</description></item><item><title>Exploitation of CVE-2020-9802: a JavaScriptCore JIT Bug</title><link>https://shxdow.me/cve-2020-9802/</link><pubDate>Sun, 13 Nov 2022 00:00:00 +0000</pubDate><guid>https://shxdow.me/cve-2020-9802/</guid><description>Credits I&amp;rsquo;d like to be thankful to everyone in the community as a source of motivation. Special thanks to Antonio and Tommaso for all the help they provided along the way.
Introduction Speculative compilers are designed to produce the most efficient code possible for a dynamic language. The core idea is to leverage the decades of optimization research done on traditional compilers. New challenges arise with dynamic languages because they lack type information that would otherwise make it very easy to understand and optimize code.</description></item><item><title>Google NUL Poison attack</title><link>https://shxdow.me/google-nul-poison-attack/</link><pubDate>Thu, 15 Sep 2022 00:00:00 +0000</pubDate><guid>https://shxdow.me/google-nul-poison-attack/</guid><description>Introduction Memory corruption vulnerabilities can arise from very benign programming errors and can lead to arbitrary code execution if exploited by a skilled attacker.
One-byte overflows are no different and can be leveraged to craft fully fledged exploits against binaries linked to the GNU C Library&amp;rsquo;s memory allocator, which is derived from ptmalloc (pthreads malloc), which in turn is derived from dlmalloc (Doug Lea malloc).
This technique was originally discovered by Google Project Zero&amp;rsquo;s team, as an updated version of The House of Einherjar, a NUL byte overflow exploitation technique dating several years prior to 2014.</description></item><item><title>CVE-2018-1160: Netatalk RCE</title><link>https://shxdow.me/cve-2018-1160/</link><pubDate>Fri, 15 Jul 2022 00:00:00 +0000</pubDate><guid>https://shxdow.me/cve-2018-1160/</guid><description>This is the solution to a Pwnable.tw challenge, as well as an n-day exploit. At the time of writing only 87 88 players managed to solve it. The most troublesome part is finding the correct offset against the challenge server, which is Ubuntu 16.04 Kernel x86-64 4.9.0.
Bug analysis The root cause has already been thoroughly explained in many other blog posts so I won&amp;rsquo;t delve too much into that.</description></item><item><title>PicoCTF Horsepower - V8 exploitation</title><link>https://shxdow.me/picoctf-horsepower-v8-exploitation/</link><pubDate>Wed, 13 Jul 2022 00:00:00 +0000</pubDate><guid>https://shxdow.me/picoctf-horsepower-v8-exploitation/</guid><description>This is the solution to Horsepower, one of the simplest v8 challenges available I solved one year ago or so. Writeups can be found all over the internet so I&amp;rsquo;d rather not write one of my own. Thanks to all the people that helped me!
Full exploit code The code can be found on GitHub</description></item><item><title>On logic, formal verification and decision procedures - Part II</title><link>https://shxdow.me/on-logic-formal-verification-and-decision-procedures-part-ii/</link><pubDate>Mon, 28 Mar 2022 00:00:00 +0000</pubDate><guid>https://shxdow.me/on-logic-formal-verification-and-decision-procedures-part-ii/</guid><description>This entry aims to introduce the concept of what it means for a program to “decide” or what a decision procedure is. After that, there will be an introduction to first order logic, one of the most, if not the most, fundamental theoretical concepts necessary.
Differences between DNF and CNF Satisfiability for a DNF formula can be verified in linear time (at least one of its conjunctions evaluates to true).</description></item><item><title>Inchworm theory</title><link>https://shxdow.me/inchworm-theory/</link><pubDate>Fri, 16 Jul 2021 00:00:00 +0000</pubDate><guid>https://shxdow.me/inchworm-theory/</guid><description>An inchworm is a small animal that crawls by pulling the back part of its body towards the front part and then extending the front part forward.
Such a movement pattern can be used as a mental model to think about progress in all sorts of pursuits in life.
Improving at fundamentals (i.e. the lower end of the worm) serves as a solid basis upon which the most advanced skills need to be built.</description></item><item><title>On logic, formal verification and decision procedures - Part I</title><link>https://shxdow.me/on-logic-formal-verification-and-decision-procedures-part-i/</link><pubDate>Sun, 17 Jan 2021 00:00:00 +0000</pubDate><guid>https://shxdow.me/on-logic-formal-verification-and-decision-procedures-part-i/</guid><description>This post tries to be the establishment of a series that aims to introduce the use of formal methods and decision procedures in computer science and software engineering. The structure adopted strictly follows the one used in the book &amp;ldquo;The Calculus of Computation&amp;rdquo;, which is the source of most of the following material.
A computation is any type of calculation that includes both arithmetical and non-arithmetical steps and which follows a well-defined model (e.</description></item><item><title>Start</title><link>https://shxdow.me/start/</link><pubDate>Sat, 16 Jan 2021 00:00:00 +0000</pubDate><guid>https://shxdow.me/start/</guid><description>Feeling stuck ?
Set a 3 minute timer and do your best.
Rest for 3 minutes.
Wash, rinse, repeat.</description></item><item><title>Analysis of Wirenet</title><link>https://shxdow.me/wirenet-analysis/</link><pubDate>Tue, 04 Jul 2017 00:00:00 +0000</pubDate><guid>https://shxdow.me/wirenet-analysis/</guid><description>I came across an article about a phishing attack that installs Java malware upon success. This reminded me of Wirenet, a cross-platform malware that made me wonder whether there was a link between the two.
This was one of the first, if not the first, committed attempt I made at applying reverse engineering techniques to real world software (malware in this case). Despite a superior familiarity with Windows internals (rootkits specifically), I figured this would be a good chance to acquaint myself with Linux.</description></item><item><title>Kernel notes</title><link>https://shxdow.me/nt-kernel-notes/</link><pubDate>Wed, 20 Apr 2016 00:00:00 +0000</pubDate><guid>https://shxdow.me/nt-kernel-notes/</guid><description>This is a collection of notes on various kernel related topics, featuring Windows NT. A good chunk of these snippets were gathered as a precocious high schooler somewhere between 2016 and 2017, therefore, do not expect the quality to be on par with a peer reviewed research paper, far from it. The notes don&amp;rsquo;t lie in any particular order as most of this material was gathered through books during self study.</description></item><item><title>404: Page not found</title><link>https://shxdow.me/404/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://shxdow.me/404/</guid><description>Sorry, we&amp;rsquo;ve misplaced that URL or it&amp;rsquo;s pointing to something that doesn&amp;rsquo;t exist. Head back home to try finding it again.</description></item><item><title>About</title><link>https://shxdow.me/about/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://shxdow.me/about/</guid><description>About page content here.</description></item></channel></rss>