stephen
@_tsuro
@v8js security, CTFs and CPU vulnz. LCHL. @[email protected]
Zurich, Switzerland
Joined August 2011
Posts
  • Pinned
    My latest Chrome bug just got derestricted. Did you know that floats have a minus zero? Turns out if you forget about it, that can mean RCE :). bugs.chromium.org/p/chromium/iss…
  • I made a website:
  • We just open sourced most challenges (and exploits) from this year's #GoogleCTF: github.com/google/google-…
  • We open sourced PathAuditor: a tool for Linux that @rozek_marta and I worked on this summer. Tl;dr: you can use it to instrument root daemons and find insecure file access patterns like CVE-2019-3461. Check out the code: github.com/google/path-au… Blog post: security.googleblog.com/2019/12/detect…
  • We just released the challenges of this year's #GoogleCTF finals together with a short write up of the intended solutions: github.com/google/google-… If anything is not clear, feel free to DM me and I can share more details about the challenges.
  • Here are the slides from my #Zer0con2019 talk about TurboFan (Chrome's JavaScript compiler). If you have any questions, please leave a comment in the slides and I'll try to explain it in the speaker's notes.
  • We just released v1.0 of kCTF, our Kubernetes-based infrastructure for CTF competitions. Check it out here: google.github.io/kctf/ With kCTF we tried to address two issues we often heard about: * no experience with k8s * worry about introducing security issues (1/3)
  • We just started the #v8CTF: a new exploit bounty program for v8! * $10,000 * N-day vulnerabilities are in scope, but limited to first submission per deployed v8 version * unlimited for self-found bugs (on top of regular VRP) More info here: github.com/google/securit…
  • We just announced a new bug bounty on a hardened Kubernetes cluster. The fun part: 1days are explicitly in scope! Want to exploit a public #syzkaller bug that hasn't been patched in our cluster yet? That's fair game. More info here:
  • The exploit for my Chrome/v8 challenge from the #GoogleCTF finals is now public. You can find it here: github.com/google/google-…. You had to exploit a JIT optimization pass that would turn 1+1 into 2.
  • I made a challenge for #WCTF where you got a fake XSS in the Discord electron app and had to turn it into RCE. Here's the "writeup": youtu.be/OetPbkia3os Enjoy :)
  • One thing off my bucket list. I got code execution in the Chrome renderer with a nice bug in v8's TurboFan optimizer. The bug just got de-restricted: bugs.chromium.org/p/chromium/iss…
  • #GoogleCTF is on and we have challenges related to hardware, crypto, reversing, web, sandbox and of course pwnables. Every category comes with an easy challenge aimed at beginners. Check it out here: capturetheflag.withgoogle.com/challenges