The fakeobj() Primitive: Turning an Address Leak into a Memory Corruption @LiveOverflow

LiveOverflow | The fakeobj() Primitive: Turning an Address Leak into a Memory Corruption @LiveOverflow | Uploaded 5 years ago | Updated 6 hours ago
Part5: In this video we turn the bug used in addrof() to corrupt the memory of internal JavaScriptCore Objects which can help us to compromise the engine.

The Exploit: github.com/LinusHenze/WebKit-RegEx-Exploit
Saelo's exploit: github.com/saelo/cve-2018-4233/blob/master/pwn.js
Saelo's phrack paper: http://www.phrack.org/papers/attacking_javascript_engines.html

-=[ 🔴 Stuff I use ]=-

→ Microphone:* geni.us/ntg3b
→ Graphics tablet:* geni.us/wacom-intuos
→ Camera#1 for streaming:* geni.us/sony-camera
→ Lens for streaming:* geni.us/sony-lense
→ Connect Camera#1 to PC:* geni.us/cam-link
→ Keyboard:* geni.us/mech-keyboard
→ Old Microphone:* geni.us/mic-at2020usb

US Store Front:* amazon.com/shop/liveoverflow

-=[ ❤️ Support ]=-

→ per Video: patreon.com/join/liveoverflow
→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: twitter.com/LiveOverflow
→ Website: liveoverflow.com
→ Subreddit: reddit.com/r/LiveOverflow
→ Facebook: facebook.com/LiveOverflow

-=[ 📄 P.S. ]=-

All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.

#BrowserExploitation

Log4j Vulnerability (Log4Shell) Explained // CVE-2021-44228

Defusing a Bomb at Google London HQ - Having a Blast Google CTF Finals 2019 (hardware)

Does Hacking Require Programming Skills?

How The RIDL CPU Vulnerability Was Found

Finding Player and Camera Position for Fly Hack - Pwn Adventure 3

Hacking Browsers - Setup and Debug JavaScriptCore / WebKit

Finding 0day in Apache APISIX During CTF (CVE-2022-24112)

My Life in Short/Shirt Stories - The Time I Learned PenSpinning (~2007-2009) - Shirt Stories #1

Understanding C Pointer Magic Arithmetic | Ep. 07

Paste-Tastic! - Post Google CTF 2019 Stream