Speaker(s): Shane Macaulay, IOActive
jsASTer is a script host analyzer with a focus on in-memory JIT validation. An enlightened script host may operate while system code integrity policies are being enforced, because it interoperates with code policies, restricted language modes and so forth. Unenlightened script hosts may simply be whitelisted and allowed to JIT code into their address space (e.g. Chrome/V8, Firefox, LLVM/Wasm). Post-exploitation, or if an evil actor were to inject into the address space of an unenlightened host, the injected code may bypass code integrity restrictions, depending on the script host and configuration. We will release an initial version of jsASTer that will analyze emitted JIT code to produce a higher level of trust from these hosts.