V8, the JavaScript engine, is largely undocumented.
Design documents are an important source for understanding V8.
To the best of my knowledge, there is no index of all design docs.
I made an attempt to create at least a partial index, i.e. all design docs I know of.
It is not limited to design docs in the strict sense; more like “Google Doc with details about V8 development”.
Python jail escapes have evolved into their own CTF category over the past years.
I recently gave a talk and wrote a blog post for my CTF team, where I give an introduction to the topic and show some classical examples.
I played the CSAW CTF finals with team polyflag. Overall, the CTF was pretty mid, with a lot of guessing and an unacceptable required VPN setup, where we had to install some random VPN client on our machines (with sudo curl ... | bash of course) and then had to authenticate with a Google, LinkedIn, Microsoft or GitHub account.
This is the second part of my adoption of …ing the technical interview.
A blog series by Aphyr about writing programs in funny, non-standard ways.
Again this is a writeup of a CTF challenge I created.
Specifically, the dive in the lake challenge of LakeCTF, organized by polygl0ts, the CTF team of EPFL.
I really like the blog series …ing the technical interview by Aphyr.
Besides the humor, I enjoy seeing Turing completeness in parts of systems that many people use but that were not designed to write entire programs in.
This is a writeup of an easy/medium pwn challenge called “Profile” featuring a type confusion, some GOT overwriting, and a funny but unnecessary one gadget exploit for the fun of it.