Posts by Carl Smith

Congratulations to Carl Smith from the V8 Security team on joining the Black Hat USA review board as a guest reviewer. He is willing to share, open-minded, and a hardcore researcher and developer.

@rwx.page

1 year ago 2 1 0 0

Unfortunately not, we are planning on sharing more details in the form of talks in the future though.

1 year ago 1 0 0 0

And make sure to update to the latest Swift version too!

1 year ago 1 0 0 0

Some slides discussing some of this work can be found here:
powerofcommunity.net/poc2024/Carl%20Smith,%20...

1 year ago 3 0 2 0

I’m very excited to announce that we at V8 Security have finally published our first version of Fuzzilli that understands Wasm!
Go check it out at https://github.com/googleprojectzero/fuzzilli
While we still have a way to go in improving it, we think it shows a promising approach!

1 year ago 31 16 1 1
Chrome Vulnerability Reward Program Rules | Google Bug Hunters ATTENTION As of 4 February 2024, Chromium has migrated to a new issue tracker, please report security bugs to the new issue tracker using this form . Please see the Chrome VRP News and FAQ page for mo...

Another big step towards becoming a security boundary: today we’re expanding the VRP for the V8 Sandbox

* No longer limited to d8

* Rewards for controlled writes increased to $20k

* Any memory corruption outside the sandbox is now in scope

bughunters.google.com/about/rules/...

Happy hacking!

1 year ago 28 10 1 0

Finally got around to publishing the slides of my talk @offensivecon.bsky.social from ~two weeks ago. Sorry for the delay!

The V8 Heap Sandbox: saelo.github.io/presentation...

Fantastic conference, as usual! :)

1 year ago 4 5 0 1
V8 Sandbox - Trusted Space | Author: saelo@ | First Published: October 2023 | Last Updated: October 2023 | Status: Living Doc | Visibility: PUBLIC | This document is part of the V8 Sandbox Project and discusses...

Here's another V8 sandbox design document, this time discussing how sensitive ("trusted") V8-internal objects (such as BytecodeArrays) can be protected: docs.google.com/document/d/1...
This should be one of the last pieces of infrastructure required for the sandbox.

2 years ago 7 2 1 0
One day, @rwx.page and me got bored and built a tiny command line game with 0 deps in 🦀.

`cargo install quarto`

It's not much but it's honest work :)
https://github.com/domenukk/quarto_rs

2 years ago 1 1 0 0