Thomas Rinsma
Thomas is lead security analyst at Codean Labs, where he focuses on application security evaluations and research. There, the urge to dive way too deep into dependencies has lately resulted in CVEs such as CVE-2024-4367 (Arbitrary JavaScript execution in PDF.js) and CVE-2024-29510 (Ghostscript RCE using format strings).
Outside of work, he likes to tinker with software and hardware, resulting in less "useful" hacks. You may have seen "Tetris in a PDF" or "Doom on a payment terminal".
Session
When embedded into JavaScript, WebAssembly modules can be "sandboxed" by defining a limited set of imports. It turns out that an obscure "feature" allows us to craft an exploit which bypasses this barrier, enabling us to run arbitrary JavaScript code from within a malicious WASM module. All within spec... by accident?