
Web browsers are among the most utilized consumer facing software products on the planet. As the ubiquitous gateway to the internet, browsers introduce significant risk to the integrity of personal computing devices. In the race to protect users while advancing web technology, premiere browsers have become increasingly complex targets to compromise. Over the course of this training, students will receive a thorough introduction to vulnerability research as it pertains to modern web browsers. This includes identifying, evaluating, and weaponizing the latest vulnerability patterns via the exploitation of several recently patched vulnerabilities. Through this, students will experience the end to end process of developing memory corruption based exploits against these high value targets. This course will focus specifically on Google Chrome and Apple Safari.
Learning Objectives
- Identify contemporary vulnerability patterns in web browsers
- Become familiar with the architecture of modern web browsers
- Build an in-depth understanding of browser internals and JavaScript engines
- Develop an understanding of target-specific exploit techniques
- Weaponize real-world vulnerabilities
- Execute renderer-only attacks to hijack user sessions
- Obtain a high level overview of browser sandboxing
Syllabus
-
Browser Architecture (General, Chrome, Safari/Webkit)
-
JavaScript Internals in Exploitation (General, V8, JSC)
-
JavaScript JIT Compilers (General, V8)
-
JavaScript Exploit Engineering (General, V8, JSC)
Security Education
OffSec
iNE
Antisyphon
EC-Council
Applied Network Defense
Kaspersky
Sektor7
CompTIA
TCM Security
BlackHat
13Cubed
Dark Vortex
Enciphers
Forty North
Cyber warfare Labs
Maltrak
Scorpio Software
Security Onion
Zero Point Security
SentinelOne
Altered Security
SpecterOps
Pentester Academy
CQURE
PluralSight
StationX
Cybr
موسسههای دیگر