bjrjk/pwn-learning
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Moved JavaScript/PwnCollegeV8Exploitation/ to PwnCollege/V8Exploitation/

Browse Source
This commit is contained in:
Jack Ren
2024-09-27 10:32:08 +08:00
parent ed5918f284
commit 41c959a465
52 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
PwnCollege/V8Exploitation/Level2/README.md Normal file
View File

@@ -0,0 +1,20 @@
# Level 2
## Problem
Given the following primitves:
- AddressOf
- Arbitrary Read & Write in Sandbox
## Key Knowledge
- [Pointer Compression in V8](https://v8.dev/blog/pointer-compression)
- V8 Optimization Tiers
- [Intepreter Ignition](https://v8.dev/blog/sparkplug)
- [Non-optimizing JavaScript compiler Sparkplug](https://v8.dev/blog/sparkplug)
- [Mid-tier optimizing compiler Maglev](https://v8.dev/blog/maglev)
- Top-tier optimizing compiler [Turbofan](https://v8.dev/docs/turbofan) / [Turboshaft](https://v8.dev/blog/holiday-season-2023)
- [V8 Native Syntaxs](https://v8.dev/docs/builtin-functions)
- [V8引擎漏洞分析环境与调试方法基础](https://gtoad.github.io/2019/07/25/V8-Debug/)
- [JIT Spray in V8](https://www.matteomalvica.com/blog/2024/06/05/intro-v8-exploitation-maglev/#jit-spraying-shellcode)
- [Shellcraft of Pwntools](https://docs.pwntools.com/en/stable/shellcraft/amd64.html)