Pwn

Conference presentation (slides | recording) of our paper “DUMPLING: Fine-grained Differential JavaScript Engine Fuzzing” at NDSS 2025. It got awarded the distinguished paper award.

The master’s thesis presentation of our differential JavasScript engine Fuzzer “Dumpling”. The thesis is published as a paper at NDSS 2025 and received the distinguished paper award.

This is a writeup of an easy/medium pwn challenge called “Profile” featuring a type confusion, some GOT overwriting, and a funny but unnecessary one gadget exploit for the fun of it.

Solution to the Cyber Security Rumble Finals challenge simple-asm.

A talk by ju256 and me about Chrome V8 internals with some case studies of common bugs. While the slides are okay to look at, there is a fair bit of context missing without the audio track. Maybe we will give the talk in a similar form somewhere where it is recorded in the future.