Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

From Compiler Optimization to Code Execution - VirtualBox VM Escape - 85

Void Security - Posted 6 Years Ago
  • The CPU optimization created a double fetch of the same memory location... This does not seem like a big deal! But a value can be verified as correct, then changed when actually used! This is known as a TOCTOU (time of check vs time of use).
  • The article claims that the vulnerability is caused by the variable not being set to volatile. However, my understanding of volatile is that the value should be regathered frequently, because the value could be changed out of band or something like that.
  • After not understanding what this flag on a variable meant, I found a great article explaining it all at barrgroup.