Progress report - Jun 2022
This is actually a progress report article and I will just point to some resources that I’ve seen in the past month while doing my side projects.
I’ve done bug bounties in some private companies at the start of the month and have found 2 bugs, but at the time without any bounty. I’m also almost finished with one of my side projects, which I think I will post about in the middle of July (I hope). It’s a security tool, nothing new at all, but I think it can help a lot of security researchers.
I have also finished a private project, in which I’ve found 5 vulnerabilities.
Recently I’ve started learning about WebAssembly. For some reason this video popped up in my YouTube feed https://www.youtube.com/watch?v=3sU557ZKjUs and it is a good video, but two days later this article showed up in a Telegram channel https://blog.protekkt.com/blog/basic-webassembly-buffer-overflow-exploitation-example (this is a sign for sure). After this coincidence I decided to focus on this.
There’s a good article about hacking web asm from the Black Hat conference () that caught my attention and my curiosity.
Notes
- wasm doesn’t have a stack machine
I’ve read a great article about it (it is actually a series of articles about wasm design issues) http://troubles.md/wasm-is-not-a-stack-machine/.
So, actually web asm has a stack machine, but what troubles.md is saying is that its design is not good enough to be called a stack machine. I also need to be clear: before seeing this post I had watched this, and after reading the troubles.md blog post I just got confused, and I think I still am.
- linear memory
wasm and JavaScript can both store to and read from this memory, which is basically a contiguous array of bytes (a buffer) that wasm and JavaScript can synchronously read and modify. Linear memory can be used to pass values back and forth between wasm and JavaScript.
- Shared memory, globals, tables
web asm has global and local variables, and it also has a shared memory (you can set this) that can be shared with the JavaScript running in the browser. Web asm doesn’t have pointers, because to have pointers it would need to have a size of X bytes depending on the .wasm; however, it has a Function Table that is used to do almost the same thing.
- wasm as asm
Almost every vulnerability already known from binary attacks can work in wasm; however, since wasm is about the web, more possibilities can be achieved.
As shown in this presentation, these include possibilities like buffer overflow to XSS and buffer overflow to RCE in Node.js applications. There are really big problems ahead and this is fun.
Anyway, of all the introductory content about web asm, this was the best.
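The linear memory and buffer overflow notes above, as an added example (not code from this post or the linked articles): a hand-assembled wasm module reads one byte from a memory imported from JavaScript, showing that an unchecked host copy overwrites the neighbouring byte while wasm itself only traps at the end of the 64 KiB page. The name/flag layout, the offsets and the input string are constructed for illustration.

```javascript
// Added example; NAME_*/FLAG_* layout and the input are hypothetical, constructed values.
// Hand-assembled module: imports memory "js"."mem", exports load8(addr) = i32.load8_u.
const WASM_BYTES = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,             // magic, version 1
  0x01, 0x06, 0x01, 0x60, 0x01, 0x7f, 0x01, 0x7f,             // type: (i32) -> i32
  0x02, 0x0b, 0x01, 0x02, 0x6a, 0x73, 0x03, 0x6d, 0x65, 0x6d, // import "js" "mem"
  0x02, 0x00, 0x01,                                           // kind memory, min 1 page
  0x03, 0x02, 0x01, 0x00,                                     // one function of type 0
  0x07, 0x09, 0x01, 0x05, 0x6c, 0x6f, 0x61, 0x64, 0x38, 0x00, 0x00, // export "load8"
  0x0a, 0x09, 0x01, 0x07, 0x00, 0x20, 0x00, 0x2d, 0x00, 0x00, 0x0b, // local.get 0; i32.load8_u; end
]);

const NAME_OFF = 0, NAME_CAP = 8; // hypothetical 8-byte "name" buffer
const FLAG_OFF = 8;               // hypothetical 1-byte flag stored right after it

function makeInstance() {
  const mem = new WebAssembly.Memory({ initial: 1 }); // 1 page = 64 KiB, shared with JS
  const mod = new WebAssembly.Module(WASM_BYTES);
  const inst = new WebAssembly.Instance(mod, { js: { mem } });
  return { bytes: new Uint8Array(mem.buffer), load8: inst.exports.load8 };
}

// Unchecked host copy: nothing in linear memory separates the name from the flag.
function writeNameUnchecked(bytes, input) {
  bytes.set(new TextEncoder().encode(input), NAME_OFF);
}

// Checked host copy: reject input that does not fit the destination buffer.
function writeNameChecked(bytes, input) {
  const data = new TextEncoder().encode(input);
  if (data.length > NAME_CAP) throw new RangeError("input exceeds name buffer");
  bytes.set(data, NAME_OFF);
}

function demo() {
  const a = makeInstance();
  writeNameUnchecked(a.bytes, "AAAAAAAAB");     // 9 bytes into an 8-byte buffer
  const flagAfterUnchecked = a.load8(FLAG_OFF); // wasm now reads the spilled byte

  const b = makeInstance();
  let rejected = false;
  try { writeNameChecked(b.bytes, "AAAAAAAAB"); } catch (e) { rejected = e instanceof RangeError; }
  const flagAfterChecked = b.load8(FLAG_OFF);   // flag untouched

  let trapped = false; // the only built-in bound is the end of linear memory
  try { a.load8(65536); } catch (e) { trapped = e instanceof WebAssembly.RuntimeError; }
  return { flagAfterUnchecked, flagAfterChecked, rejected, trapped };
}
```

Calling `demo()` in Node.js or a browser console returns the four observations; the bounds check has to live in the host or in the compiled code, because the runtime only enforces the outer memory limit.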
What’s next?
- I’m still learning about web asm, but I think that I already have some idea about a possible new class of vulnerabilities that can be added to the web asm world.
- I want to better track my hours on my side projects
- I need to fix some core issues in my life (my sleep)
Article of the month
https://blog.protekkt.com/blog/basic-webassembly-buffer-overflow-exploitation-example
Video of the month
https://www.youtube.com/watch?v=3sU557ZKjUs