In this year's UIUCTF, they provided an interesting web challenge called Pwnypass, which revealed an intriguing timing-based behavior in the browser during navigation that can be leveraged by attackers. I give it a fancy name: EAR (Execution After Redirect) attack on the client side.

In this blog, I discussed about Jazzer, focusing on its fuzzing loop, feedback mechanism, mutation strategy, and sanitizers.

In this weekend, I solved a interesting memory corruption vulnerability in WebAssembly binary.

Recently, I start to maintain a repo related to 'web-pwn' in the github, which refer to the exploitation of memory-related vulnerabilities within essential web components like browsers, JavaScript runtimes, PHP runtimes, and others.

This writeup contains an interesting mXSS challenge, named awesome-note-2, from the hack.lu this year.