Don't miss part 2 (https://googleprojectzero.blogspot.com/2020/09/jitsploitatio...) and part 3 (https://googleprojectzero.blogspot.com/2020/09/jitsploitatio...), which demonstrate bypassing Gigacage and StructureID randomization for arbitrary R/W and then getting PC control in the face of PAC/APRR respectively.