Attacking ECMAScript Engines with Redefinition

by Natalie Silvanovich Sept. 18, 2017 via Black Hat submitted by belen_caty

The dynamic nature of ECMAScript allows for functions and properties to be redefined in a variety of ways - even functions that are vital for internal functionality of the ECMAScript engine. This presentation explores the problems that can arise from ECMAScript redefinition. It goes through the various ways that functions and properties can be redefined in different ECMAScript implementations and describes several vulnerabilities we found as a result of these methods. It also provides some strategies for finding these types of security issues in other targets.

Steven Ulm 1 month ago

The topic is super interesting but honestly, even if the article is well-researched, I find it quite hard to read as the writing style is a bit tangled...