

anvbis / v8_cve_dump.txt
Last active February 22, 2024 07:19
v8_cve_dump.txt
CVE-2023-2033
CVE-2023-1214
CVE-2023-0696
CVE-2022-4262
CVE-2022-4174
CVE-2022-3889
CVE-2022-3885
CVE-2022-3723
CVE-2022-3652
CVE-2022-3045
anvbis / v8_reading.txt
Created September 4, 2023 01:30
v8_reading.txt
Fundamentals:
-------------
https://jayconrod.com/posts/51/a-tour-of-v8--full-compiler
https://jayconrod.com/posts/52/a-tour-of-v8--object-representation
https://jayconrod.com/posts/54/a-tour-of-v8--crankshaft--the-optimizing-compiler
https://jayconrod.com/posts/55/a-tour-of-v8--garbage-collection
https://v8.dev/blog/fast-properties
https://developpaper.com/how-does-v8-run-object-representation-in-v8/
https://medium.com/@stankoja/v8-bug-hunting-part-2-memory-representation-of-js-types-ea37571276b8
https://jayconrod.com/posts/44/polymorphic-inline-caches-explained
anvbis / 2023_gpnctf_icefox.js
Created July 18, 2023 09:27
2023_gpnctf_icefox.js
// One 8-byte scratch buffer with two overlapping views, so the same bits
// can be read either as a double (_flt) or as an unsigned 64-bit int (_int).
let _buf = new ArrayBuffer(Float64Array.BYTES_PER_ELEMENT);
let _flt = new Float64Array(_buf, 0, 1);
let _int = new BigUint64Array(_buf, 0, 1);
// Reinterpret the 64-bit pattern held in x (a BigInt) as an IEEE-754 double:
// write it through the integer view, then read the same bytes back as a float.
const itof = x => {
  _int.set([x], 0);
  return _flt.at(0);
};
const pwn = () => {
anvbis / 2023_crewctf_typer.js
Last active July 9, 2023 17:22
2023_crewctf_typer.js
// Shared 8-byte scratch area viewed both as a double (_flt) and as an
// unsigned 64-bit integer (_int); the views alias the same bytes.
let _buf = new ArrayBuffer(BigUint64Array.BYTES_PER_ELEMENT);
let _flt = new Float64Array(_buf, 0, 1);
let _int = new BigUint64Array(_buf, 0, 1);
// Return the raw 64-bit pattern of the double x as a BigInt: store it via
// the float view and read the same bytes back through the integer view.
const ftoi = x => {
  _flt.set([x], 0);
  return _int.at(0);
};
const itof = x => {
anvbis / init.vim
Last active June 16, 2023 10:50
init.vim
" Turn on filetype detection together with filetype-specific plugins and
" indentation rules.
filetype plugin indent on
" Two-space indentation: a tab displays as two columns, each indent level is
" two columns, and pressing Tab inserts spaces rather than a tab character.
set tabstop=2
set shiftwidth=2
set expandtab
" Show absolute line numbers and use 24-bit colours in the terminal.
set number
set termguicolors
" Plugin manager used below: https://github.com/junegunn/vim-plug
anvbis / b5fa92428c9d4516ebdc72643ea980d8bde8f987.js
Created April 11, 2023 07:08
b5fa92428c9d4516ebdc72643ea980d8bde8f987.js
/*
HEAD @ b5fa92428c9d4516ebdc72643ea980d8bde8f987
*/
// 8-byte scratch buffer aliased by a double view (f64) and an unsigned
// 64-bit integer view (i64), so one bit pattern can be read as either type.
let buf = new ArrayBuffer(Float64Array.BYTES_PER_ELEMENT);
let f64 = new Float64Array(buf, 0, 1);
let i64 = new BigUint64Array(buf, 0, 1);
const ftoi = x => {
f64[0] = x;
anvbis / Gemfile
Last active February 27, 2023 07:56
pwn.nix
# Gem dependencies for this environment, resolved from the public RubyGems
# index. Only the seccomp-tools gem is declared.
source 'https://rubygems.org' do
gem 'seccomp-tools'
end
anvbis / blaze.diff
Last active December 27, 2022 04:28
blazefox-2022.js
diff --git a/js/src/builtin/Array.cpp b/js/src/builtin/Array.cpp
index 2b6d8953c523..fa60ef14f1ec 100644
--- a/js/src/builtin/Array.cpp
+++ b/js/src/builtin/Array.cpp
@@ -206,6 +206,20 @@ bool js::GetLengthProperty(JSContext* cx, HandleObject obj, uint64_t* lengthp) {
return ToLength(cx, value, lengthp);
}
+static MOZ_ALWAYS_INLINE bool BlazeSetLengthProperty(JSContext* cx,
+ HandleObject obj,
anvbis / hitcon-ctf-2022_fourchain-hole.js
Last active December 12, 2022 00:12
hitcon-ctf-2022_fourchain-hole.js
// One 8-byte scratch buffer shared by a double view (f64) and an unsigned
// 64-bit integer view (i64); both views cover the same bytes.
var buf = new ArrayBuffer(BigUint64Array.BYTES_PER_ELEMENT);
var f64 = new Float64Array(buf, 0, 1);
var i64 = new BigUint64Array(buf, 0, 1);
// Return the raw IEEE-754 bit pattern of the double x as a BigInt: store x
// through the float view, then read the same 8 bytes back via the int view.
const ftoi = x => {
  f64.set([x], 0);
  return i64.at(0);
};
const itof = x => {