raptor 

Awesome @githubsecurity articles by @anticomputer on recognizing and exploiting the hidden attack surface of interpreted languages

Now you C me, now you don't: An introduction to the hidden #attack surface of interpreted languages
https://securitylab.github.com/research/now-you-c-me/

Now you C me, now you don't, part two: #exploiting the in-between
https://securitylab.github.com/research/now-you-c-me-part-two/

For historical context on the ret2dlresolve #xdev technique, see also Nergal's "The advanced return-into-lib(c) exploits"
http://phrack.org/issues/58/4.html

Now you C me, now you don’t: An introduction to the hidden attack surface of interpreted languages

Aimed at developers, in this series we introduce and explore the memory unsafe attack surface of interpreted languages.

GitHub Security Lab
Nov 27, 2022 at 9:20amWeb