The Butterfly of JSObject
1,721Part 2: Let's have a look at how JavaScriptCore implements JavaScript Objects and values like integers and floats. We can use lldb to look into the memory.
Phrack: http://phrack.org/papers/attacking_javascript_engines.html
The Linus: https://twitter.com/linushenze
The Exploit: https://github.com/LinusHenze/WebKit-RegEx-Exploit
The Fix: https://bugs.webkit.org/show_bug.cgi?id=191731
-=[ 🕴️Advertisement ]=-
This video is supported by SSD Secure Disclosure: https://ssd-disclosure.com/
Offensive Security Conference TyphoonCon (10th - 14th June 2019): https://typhooncon.com/
-=[ 🔴 Stuff I use ]=-
→ Microphone:* https://geni.us/ntg3b
→ Graphics tablet:* https://geni.us/wacom-intuos
→ Camera#1 for streaming:* https://geni.us/sony-camera
→ Lens for streaming:* https://geni.us/sony-lense
→ Connect Camera#1 to PC:* https://geni.us/cam-link
→ Keyboard:* https://geni.us/mech-keyboard
→ Old Microphone:* https://geni.us/mic-at2020usb
US Store Front:* https://www.amazon.com/shop/liveoverflow
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
-=[ 📄 P.S. ]=-
All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.
#BrowserExploitation