Untitled
SLANG is an in-house interpreted programming language at Goldman Sachs, similar to Python, with millions of lines of critical business code written in it. It is tightly integrated with SecDB, a custom key-value database. SLANG code runs in many contexts, from data-processing jobs to web servers, on both Windows workstations and Linux servers. For performance-critical operations the language exposes native functions implemented in C. Security analysis of SLANG and SecDB is relatively new, and buffer overflow vulnerabilities are known to exist in the implementation. The project aims to exploit one such vulnerability to achieve remote code execution in a Linux-based environment, and it serves two purposes: confirming the real impact of these vulnerabilities, and potentially becoming a training vehicle in exploit development and research for Goldman Sachs' broader pentesting community.