Posts

Lexi and I gave a talk about vulnerabilities in PGP implementations and related software. Find writeups and recordings on gpg.fail. Slides are here. The impacts reach from chancing the content of signed messages without access to the private key, over tricking a user into decrypting data of the attacker’s choice, to memory corruption in the ASCII-armor decoder.

Conference presentation (slides | recording) of our paper “DUMPLING: Fine-grained Differential JavaScript Engine Fuzzing” at NDSS 2025. It got awarded the distinguished paper award.

The master’s thesis presentation of our differential JavasScript engine Fuzzer “Dumpling”. The thesis is published as a paper at NDSS 2025 and received the distinguished paper award.

V8, the JavaScript engine, is largely undocumented. An important source to understand V8 are design documents. To the best of my knowledge, there is no index of all design docs. I made an attempt to create at least a partial index, i.e. all design docs I know of. It is not limited to design docs in the strict sense; more like “Google Doc with details about V8 development”.

Python jail escapes have evolved into their own CTF category over the past years. I recently gave a talk and wrote a blog post for my CTF team, where I give an introduction to the topic and show some classical examples. CSAW CTF finals I played with team polyflag, overall the CTF was pretty mid with a lot of guessing and an unacceptable required VPN setup, where we had to install some random VPN client on our machines (with sudo curl ... | bash of course) and then had to authenticate with a Google, LinkedIn, Microsoft or GitHub account.

This is the second part of my adoption of …ing the technical interview. A blog series by Aphyr about writing programs in funny, non-standard ways. Again this is a writeup of a CTF challenge I created. Specifically, the dive in the lake challenge of LakeCTF, organized by the CTF of EPFL polygl0ts.

I really like the blog series …ing the technical interview by Aphyr. Besides the humor, I enjoy seeing Turing completeness in parts of systems that many people use but that were not designed to write entire programs in.

This is a writeup of an easy/medium pwn challenge called “Profile” featuring a type confusion, some GOT overwriting, and a funny but unnecessary one gadget exploit for the fun of it.

Solution to the Cyber Security Rumble Finals challenge simple-asm.

A talk by ju256 and me about Chrome V8 internals with some case studies of common bugs. While the slides are okay to look at, there is a fair bit of context missing without the audio track. Maybe we will give the talk in a similar form somewhere where it is recorded in the future.