
xvonfers
@xvonfers
I have recently gotten into the topic of V8 vulnerability research/exploitation, and in this post I will briefly talk about the key points at the very start of the study:
1/ Experience writing in JavaScript and some understanding of what's under the hood (learn JavaScript fundamentals, closures, prototypes and inheritance, etc.)
2.1/ Study V8 Architecture
- V8 architecture and components (core components and how they interact)
- Parser and AST
- Interpreter (Ignition)
- Optimizing Compiler (TF)
- Execution Stages
- Optimization Pipeline
- Memory management (GC, memory allocation, ...)
2.2/
- Hidden Classes
- Inline Caches
- Code Optimization/Deoptimization
- Typed Arrays and ArrayBuffer
- Closures and Scopes
- Data Structures
- Function Optimization
- ...
3/ Read and analyze CVEs - Study past V8 vulnerabilities and their exploits (reproduce known exploits).
4/ Deep Dive into Exploitation:
- Type Confusion
- JIT Spraying
- UAFs
- OOB
- Heap Corruption
- BoFs
- Integer Overflows/Underflows
- Logic errors
5/ View and analyze ALL recent commits https://github.com/v8/v8/commi...
6/ Fuzzing V8:
- Start from Fuzzilli
- Write fuzzers for specific V8 components
- Integrate sanitizers
- Triage crashes
- Minimize test cases
- Increase coverage
- ...