Presentation I gave about the intended solution of my “icefox” challenge from GPNCTF 2023 with a little bit of background on SpiderMonkey and SpiderMonkey exploitation.
Slides can be found here: https://hedgedoc.verydonk.xyz/p/oyUHOKu3i#/
Two weeks ago we organized our first ever CTF, KITCTFCTF 2022. Even though it was a challenging and stressful task, I certainly had a blast preparing challenges and watching the playing teams progress.
One of my challenges, Date, was a V8 exploitation challenge that unfortunately stayed unsolved during the CTF.
In this writeup, I’ll go over the intended solution in detail. It leads to a V8 (heap) sandbox escape without relying on the JIT-based technique that is currently so popular.