Hermes TypedArrayBuffer Type Confusion — From Bug to RCE

Posted on Wed 08 July 2026 in Security • Tagged with hermes, javascript, exploitation

I've been looking at the Hermes JS engine on and off for several years. In early May 2026, I picked it up again, and found a great heap OOB read/write bug, in TextEncoder/TextDecoder. I had not yet written a full Hermes exploit, so this seemed like a great …


Continue reading

Maintaining CTF Skills With Spaced Repetition

Posted on Fri 15 November 2024 in Security • Tagged with anki

I'm a longtime player of security ctfs. However, as I've gotten older, I've had less time to play. When I do play, I've often been frustrated when I have difficulty with problems that I was able to solve years earlier. My underlying knowledge is there, but so is a good …


Continue reading