miniblog.

← Back to all posts
Jun 1, 2017 at 20:41
Implementing Execute-Only Memory in userland: https://www.tedunangst.com/flak/post/userland-xnr-jit (an elegant way of hardening JITs to ROP exploits!)
userland xnr jit

Related Posts

Jun 8, 2024 at 02:48
It is remarkably hard to escape command line arguments safely on Windows, and the standard libraries of multiple languages have needed patching:
BatBadBut: You can't securely execute commands on Windows
BatBadBut: You can't securely execute commands on Windows
Introduction Hello, I’m RyotaK ( @ryotkak ), a security engineer at Flatt Security Inc. Recently, I reported multiple vulnerabilities to several programming languages that allowed an attacker to perform command injection on Windows when the specific conditions were satisfied. Today, affected vendors published advisories of these vulnerabilities , so I’m documenting the details here to provide more information about the vulnerabilities and minimize the confusion regarding the high CVSS score. TL;DR The BatBadBut is a vulnerability that allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
Jul 19, 2023 at 06:04
Old news, but I really like how node v12.17 will speculatively execute pure functions in the REPL.
Photo
Node.js — Node.js v12.17.0 (LTS)
Node.js — Node.js v12.17.0 (LTS)
Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
Dec 11, 2019 at 00:06
Gate is exploring transferring program state (like Smalltalk images), but leveraging wasm to execute untrusted code. An exciting model! https://savo.la/introduction-to-gate.html Execution of untrusted code still feels like a really underexplored space.
Introduction to Gate
Gate project: portable program state migration using WebAssembly.