Progress report - Jun 2022

This is actually a progress report article, and I will just point to some resources that I've come across in the past month while doing my side projects.

I did bug bounties for some private companies at the start of the month and found 2 bugs, but so far without any bounty. I'm also almost finished with one of my side projects, which I think I will post about in the middle of July (I hope). It's a security tool, nothing new at all, but I think it can help a lot of security researchers.

I also finished a private project, in which I found 5 vulnerabilities.

Recently I started learning about WebAssembly. For some reason this video popped up in my YouTube feed, https://www.youtube.com/watch?v=3sU557ZKjUs, and it is a good video, but two days later this article showed up in a Telegram channel, https://blog.protekkt.com/blog/basic-webassembly-buffer-overflow-exploitation-example (this is a sign for sure). After this coincidence I decided to focus on this.

There's a good article about hacking WebAssembly from the Black Hat conference () that caught my attention and my curiosity.

Notes

  • wasm doesn't have a stack machine

I've read a great article about it (it's actually a series of articles about wasm design issues): http://troubles.md/wasm-is-not-a-stack-machine/.

So, actually WebAssembly does have a stack machine, but what troubles.md is saying is that the design is not good enough to be called a stack machine. I also need to be clear: before seeing this post I had watched this, and after reading the troubles.md blog post I just got confused, and I think I still am.

  • linear memory

Both wasm and JavaScript can read and write this memory. It is basically a contiguous array of bytes (a buffer) that wasm and JavaScript can read and modify synchronously, so linear memory can be used to pass values back and forth between wasm and JavaScript.

  • Shared memory, globals, tables

WebAssembly has global and local variables, and it also has a memory (which you can configure) that can be shared with the JavaScript running in the browser. WebAssembly doesn't have pointers, because to have pointers it would need a pointer size of X bytes depending on the .wasm; however, it has a function table that is used to do almost the same thing.

  • wasm as asm

Almost every vulnerability already known from binary attacks can work in wasm; however, since wasm is about the web, more possibilities can be achieved.

As shown in this presentation, there are possibilities like buffer overflow to XSS and buffer overflow to RCE in NodeJS applications. There are really big problems ahead, and this is fun.
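The three notes above (linear memory, memory shared with JavaScript, and classic binary bugs surviving inside wasm) can be seen in one small runnable demo. The following is an added example, not code from this post, the presentation, or the linked articles: a hand-assembled wasm module, constructed for this example, that imports its memory from JavaScript and exports a byte store, a byte load and a fill loop. It shows that JavaScript and wasm read the same bytes, that a write past a buffer inside linear memory silently overwrites the neighbouring data (there are no guard pages between objects, so a C-style overflow becomes data corruption rather than a crash), that the only bound wasm itself enforces is the edge of the memory (where the write traps), and that a host-side size check is one way to catch the bad write before it reaches wasm. The addresses, the buffer layout and the function names are assumptions made up for the demo; it runs under Node.js with no dependencies.

```javascript
// Hand-assembled WebAssembly module (constructed for this example, not the post's code).
// Imports env.memory; exports store8(addr, val), fill(dst, len, val), load8(addr) -> byte.
const WASM_BYTES = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,                   // magic, version 1
  0x01, 0x11, 0x03,                                                 // type section, 3 types
  0x60, 0x02, 0x7f, 0x7f, 0x00,                                     //   (i32, i32) -> ()
  0x60, 0x03, 0x7f, 0x7f, 0x7f, 0x00,                               //   (i32, i32, i32) -> ()
  0x60, 0x01, 0x7f, 0x01, 0x7f,                                     //   (i32) -> i32
  0x02, 0x0f, 0x01, 0x03, 0x65, 0x6e, 0x76,                         // import section: "env"
  0x06, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x02, 0x00, 0x01,       //   "memory", min 1 page
  0x03, 0x04, 0x03, 0x00, 0x01, 0x02,                               // function section
  0x07, 0x19, 0x03,                                                 // export section
  0x06, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x38, 0x00, 0x00,             //   "store8" = func 0
  0x04, 0x66, 0x69, 0x6c, 0x6c, 0x00, 0x01,                         //   "fill"   = func 1
  0x05, 0x6c, 0x6f, 0x61, 0x64, 0x38, 0x00, 0x02,                   //   "load8"  = func 2
  0x0a, 0x38, 0x03,                                                 // code section
  0x09, 0x00, 0x20, 0x00, 0x20, 0x01, 0x3a, 0x00, 0x00, 0x0b,       //   store8: i32.store8
  0x24, 0x00, 0x02, 0x40, 0x03, 0x40, 0x20, 0x01, 0x45, 0x0d, 0x01, //   fill: block/loop, exit if len==0
  0x20, 0x00, 0x20, 0x02, 0x3a, 0x00, 0x00,                         //     mem[dst] = val
  0x20, 0x00, 0x41, 0x01, 0x6a, 0x21, 0x00,                         //     dst += 1
  0x20, 0x01, 0x41, 0x01, 0x6b, 0x21, 0x01,                         //     len -= 1
  0x0c, 0x00, 0x0b, 0x0b, 0x0b,                                     //     br loop; end loop/block/func
  0x07, 0x00, 0x20, 0x00, 0x2d, 0x00, 0x00, 0x0b,                   //   load8: i32.load8_u
]);

const PAGE = 65536;
// Constructed layout inside linear memory: a 16-byte buffer followed by a 1-byte flag.
const BUF = 0x100, BUF_LEN = 16, FLAG = BUF + BUF_LEN;

function instantiate() {
  const memory = new WebAssembly.Memory({ initial: 1 });            // one 64 KiB page
  const compiled = new WebAssembly.Module(WASM_BYTES);
  const { exports } = new WebAssembly.Instance(compiled, { env: { memory } });
  // JS view over the very bytes wasm sees: the same array, not a copy.
  return { memory, bytes: new Uint8Array(memory.buffer), ...exports };
}

// Linear memory is shared: a JS write is visible to wasm and vice versa.
function sharedViewDemo() {
  const m = instantiate();
  m.bytes[0x20] = 0x7a;
  m.store8(0x21, 0x5b);
  return { fromWasm: m.load8(0x20), fromJs: m.bytes[0x21] };
}

// Overflow inside linear memory: 20 bytes into a 16-byte buffer. Nothing traps; the
// flag right after the buffer is silently overwritten (no guard pages between objects).
function overflowDemo() {
  const m = instantiate();
  m.store8(FLAG, 0);
  m.fill(BUF, BUF_LEN + 4, 0x41);
  return { flag: m.load8(FLAG), viaJs: m.bytes[FLAG] };
}

// The only bound wasm enforces is the memory edge: writing past the last page traps.
// The bytes before the edge are already written when the trap fires.
function edgeDemo() {
  const m = instantiate();
  let result;
  try {
    m.fill(PAGE - 2, 4, 0xff);
    result = 'no trap';
  } catch (e) {
    result = e instanceof WebAssembly.RuntimeError ? 'trap' : 'other error';
  }
  return { result, lastByte: m.bytes[PAGE - 1] };
}

// Host-side mitigation: check the write against the object's real size before handing
// it to wasm, because wasm itself only knows the edge of the whole memory.
function safeFill(m, dst, len, val, objStart, objLen) {
  if (dst < objStart || dst + len > objStart + objLen) return false;
  m.fill(dst, len, val);
  return true;
}

function safeFillDemo() {
  const m = instantiate();
  m.store8(FLAG, 0);
  const accepted = safeFill(m, BUF, BUF_LEN + 4, 0x41, BUF, BUF_LEN);
  return { accepted, flag: m.load8(FLAG) };
}

// Caveat: memory.grow() replaces the ArrayBuffer; old JS views are detached (length 0).
function growDemo() {
  const m = instantiate();
  m.memory.grow(1);
  return { staleLen: m.bytes.length, freshLen: new Uint8Array(m.memory.buffer).length };
}

console.log({ shared: sharedViewDemo(), overflow: overflowDemo(), edge: edgeDemo(),
              safe: safeFillDemo(), grow: growDemo() });
```

Run it with `node` and compare the five results: the overflow demo returns flag 0x41 from both the wasm and the JS side, the edge demo returns 'trap' with the last byte already set to 0xff, and the grow demo shows why a view over `memory.buffer` must be recreated after every `grow`.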

Anyway, of all the introductory content about WebAssembly, this was the best.

What’s next?

  • I'm still learning about WebAssembly, but I think I already have some idea of a possible new class of vulnerabilities that can be added to the WebAssembly world.
  • I want to track the hours on my side projects better.
  • I need to fix some core issues in my life (my sleep).

Article of the month

https://blog.protekkt.com/blog/basic-webassembly-buffer-overflow-exploitation-example

Video of the month

https://www.youtube.com/watch?v=3sU557ZKjUs

Music of the month

https://www.youtube.com/watch?v=qWOZVCBJ7Rs