bjrjk/pwn-learning
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Moved JavaScript/PwnCollegeV8Exploitation/ to PwnCollege/V8Exploitation/

Browse Source
This commit is contained in:
Jack Ren
2024-09-27 10:32:08 +08:00
parent ed5918f284
commit 41c959a465
52 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
PwnCollege/V8Exploitation/Level9/README.md Normal file
View File

@@ -0,0 +1,17 @@
# Level 9
## Problem
Given V8 Sandbox memory corruption API (Address Of, Cage Read & Write Primitive).
## Key Knowledge
- V8 (Heap) Sandbox
- [The V8 Sandbox](https://v8.dev/blog/sandbox)
- V8 Memory Corruption API
- [4a12cb1022ba335ce087dcfe31b261355524b3bf - v8/v8 - Git at Google](https://chromium.googlesource.com/v8/v8/+/4a12cb1022ba335ce087dcfe31b261355524b3bf)
- [KITCTFCTF 2022 V8 Heap Sandbox Escape](https://ju256.rip/posts/kitctfctf22-date/#v8s-memory-corruption-api)
- V8 Sandbox Escape Technique
- [Dice CTF Memory Hole: Breaking V8 Heap Sandbox](https://mem2019.github.io/jekyll/update/2022/02/06/DiceCTF-Memory-Hole.html)
- You can use this one!
- [V8 Sandbox escape/bypass/violation and VR collection](https://github.com/xv0nfers/V8-sbx-bypass-collection)
- Real-time update V8 Sandbox escape collection!