Resources
People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
The beginning says it all: serialization / deserialization is hard to implement correctly. Anytime complicated serialization is being done, this is a good place to look for vulns.
By adding a fuzzer to test the extension, several crashes were found.
Eventually, by playing with the serialized values enough, a crash resulted in the classic "AAAA" (0x41414141) landing in the instruction pointer.
Combined with a memory leak and the ability to write to the program, this essentially guarantees an RCE :)