MOBILE BROWSER SECURITY

Homepage / Trainings / MOBILE BROWSER SECURITY

Private Trainings​

Training Details

  • Training Length – 3 Days
  • Venue – Virtual / On-Site 

 

 What will Students Learn

  • Get an understanding of Browser Architecture and Rendering Engines
  • Webkit fundamentals and setting up test environment
  • Detailed Javascript Internals
  • Introduction to Attacking WebCore
  • Offensive Browser/JSC debugging
  • Understanding Browser mitigations
  • Introduction to Attacking JavascriptCore
  • Building exploit primitives
  • Understanding addrof() and fakeobj() primitive
  • Achieving arbitrary read/write
  • Attacking the rendering engine
  • Introduction to Fuzzing WebKit

Course Description

Web Browsers form the first line of defense in a remote attack. Because of its popularity and its rapidly changing landscape in order to provide consumers with the latest features, they form a wide attack surface and are often targeted.

We begin with an introduction to the Browser architecture and the different security mitigations in place. We will then learn how to set up a test environment using the open-source builds of different browser engines. With our focus on Safari’s Webkit, we will learn how to identify, analyze and exploit vulnerabilities in its two major components: WebCore and JavascriptCore. We will understand how objects are allocated and stored in the memory followed by an understanding of how JIT optimizations work.

We will then discuss how JIT optimization can be abused to find vulnerabilities, and how the basics of exploiting Type-confusion vulnerabilities. We will discuss certain exploit primitives (addrof and fakeobj) and how we can achieve arbitrary read/write using those primitives. We will look at some of the latest mitigations introduced in recent versions of Webkit and its impact on exploitation. The training will conclude with some techniques on how to effectively fuzz the Javascript engine using Grammar based fuzzing in order to find exploitable vulnerabilities.

 

Who Should Take This Course

  • This course is security researchers, penetration testers, developers or anyone keen to get an introduction to Browser and Webkit exploitation.
Share This :

CONTACT US

Please share with us the project requirements and the goals you want to achieve,  and one of our sales representatives will contact you within one business day.

Our Location

51 Pleasant St # 843, Malden, MA, Middlesex, US, 02148

General and Business inquiries

contact@8ksec.io

Trainings

trainings@8ksec.io

Press

press@8ksec.io

Phone

+1(347)-4772-006

SEND ENQUIRY