Web browsers are among the most utilized consumer facing software products on the planet. As the ubiquitous gateway to the internet, browsers introduce significant risk to the integrity of personal computing devices. In the race to protect users while advancing web technology, premiere browsers have become increasingly complex targets to compromise. Over the course of this training, students will receive a thorough introduction to vulnerability research as it pertains to modern web browsers. This includes identifying, evaluating, and weaponizing the latest vulnerability patterns via the exploitation of several recently patched vulnerabilities. Through this, students will experience the end to end process of developing memory corruption based exploits against these high value targets. This course will focus specifically on Google Chrome and Apple Safari.
Learning Objectives
- Identify contemporary vulnerability patterns in web browsers
- Become familiar with the architecture of modern web browsers
- Build an in-depth understanding of browser internals and JavaScript engines
- Develop an understanding of target-specific exploit techniques
- Weaponize real-world vulnerabilities
- Execute renderer-only attacks to hijack user sessions
- Obtain a high level overview of browser sandboxing
Syllabus
-
Browser Architecture (General, Chrome, Safari/Webkit)
-
JavaScript Internals in Exploitation (General, V8, JSC)
-
JavaScript JIT Compilers (General, V8)
-
JavaScript Exploit Engineering (General, V8, JSC)
