# Level 9

## Problem

Given V8 Sandbox memory corruption API (Address Of, Cage Read & Write Primitive).

## Key Knowledge
- V8 (Heap) Sandbox
    - [The V8 Sandbox](https://v8.dev/blog/sandbox)
- V8 Memory Corruption API
    - [4a12cb1022ba335ce087dcfe31b261355524b3bf - v8/v8 - Git at Google](https://chromium.googlesource.com/v8/v8/+/4a12cb1022ba335ce087dcfe31b261355524b3bf)
    - [KITCTFCTF 2022 V8 Heap Sandbox Escape](https://ju256.rip/posts/kitctfctf22-date/#v8s-memory-corruption-api)
- V8 Sandbox Escape Technique
    - [Dice CTF Memory Hole: Breaking V8 Heap Sandbox](https://mem2019.github.io/jekyll/update/2022/02/06/DiceCTF-Memory-Hole.html)
        - You can use this one!
    - [V8 Sandbox escape/bypass/violation and VR collection](https://github.com/xv0nfers/V8-sbx-bypass-collection)
        - Real-time update V8 Sandbox escape collection!