8ksec logo

MOBILE BROWSER SECURITY

HomepageTraining / MOBILE BROWSER SECURITY

Private Trainings​

Training Details

  • Training Length – 3 Days
  • Venue – Virtual / On-Site 

 

 What will Students Learn

  • Get an understanding of Browser Architecture and Rendering Engines
  • Webkit fundamentals and setting up test environment
  • Detailed Javascript Internals
  • Introduction to Attacking WebCore
  • Offensive Browser/JSC debugging
  • Understanding Browser mitigations
  • Introduction to Attacking JavascriptCore
  • Building exploit primitives
  • Understanding addrof() and fakeobj() primitive
  • Achieving arbitrary read/write
  • Attacking the rendering engine
  • Introduction to Fuzzing WebKit

Course Description

Web Browsers form the first line of defense in a remote attack. Because of its popularity and its rapidly changing landscape in order to provide consumers with the latest features, they form a wide attack surface and are often targeted.

We begin with an introduction to the Browser architecture and the different security mitigations in place. We will then learn how to set up a test environment using the open-source builds of different browser engines. With our focus on Safari’s Webkit, we will learn how to identify, analyze and exploit vulnerabilities in its two major components: WebCore and JavascriptCore. We will understand how objects are allocated and stored in the memory followed by an understanding of how JIT optimizations work.

We will then discuss how JIT optimization can be abused to find vulnerabilities, and how the basics of exploiting Type-confusion vulnerabilities. We will discuss certain exploit primitives (addrof and fakeobj) and how we can achieve arbitrary read/write using those primitives. We will look at some of the latest mitigations introduced in recent versions of Webkit and its impact on exploitation. The training will conclude with some techniques on how to effectively fuzz the Javascript engine using Grammar based fuzzing in order to find exploitable vulnerabilities.

 

Who Should Take This Course

  • This course is security researchers, penetration testers, developers or anyone keen to get an introduction to Browser and Webkit exploitation.

Lorem Ipsum Dolor Sit Amet, Consectetur

Lorem Ipsum Dolor Sit Amet, Consectetur Lorem Ipsum Dolor Sit Amet, Consectetur

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Proin tristique, leo sit amet. Proin tristique, leo sit amet. elit. Proin tristique, leo sit amet. Proin tristique, leo sit amet.

Sample video Content

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nunc sagittis mauris ac enim sagittis dignissim. Praesent egestas, urna quis auctor iaculis, lacus tortor porta ligula. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nunc sagittis mauris ac enim sagittis dignissim. Praesent egestas, urna quis auctor iaculis, lacus tortor porta ligula. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nunc sagittis mauris ac enim sagittis dignissim. Praesent egestas, urna quis auctor iaculis, lacus tortor porta ligula.

Lorem Ipsum

Lorem Ipsum Dolor Sit Amet,

Lorem Ipsum Dolort,

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Proin tristique, leo sit amet. Proin tristique, leo sit amet. elit. Proin tristique, leo sit amet. Proin tristique, leo sit amet.

Lorem Ipsum Dolort, Ipsum Dolort,

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Proin tristique, leo sit amet. Proin tristique, leo sit amet. elit. Proin tristique, leo sit amet. Proin tristique, leo sit amet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Proin tristique, leo sit amet. Proin tristique, leo sit amet. elit. Proin tristique, leo sit amet. Proin tristique, leo sit amet.Lorem ipsum dolor sit amet, consectetur adipiscing elit. Proin tristique, leo sit amet. Proin tristique, leo sit amet. elit. Proin tristique, leo sit amet. Proin tristique, leo sit amet.

Lorem Ipsum Dolort, Ipsum

Lorem Ipsum Dolort,

Lorem Ipsum Dolort,

Lorem Ipsum Dolort,

Lorem Ipsum Dolort,

Lorem Ipsum Dolort,

Lorem Ipsum Dolort,

Lorem Ipsum Dolort,

Lorem Ipsum Dolort,

Lorem Ipsum Dolort,

Lorem Ipsum Dolort,

Lorem Ipsum Dolort,

Lorem Ipsum Dolort,

Lorem Ipsum

Lorem Ipsum Dolor Sit Amet,

Lorem Ipsum Dolort,

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Proin tristique, leo sit amet. Proin tristique, leo sit amet. elit. Proin tristique, leo sit amet. Proin tristique, leo sit amet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Proin tristique, leo sit amet. Proin tristique, leo sit amet. elit. Proin tristique, leo sit amet. Proin tristique, leo sit amet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Proin tristique, leo sit amet. Proin tristique, leo sit amet. elit. Proin tristique, leo sit amet. Proin tristique, leo sit amet.

CONTACT US

Please share with us the project requirements and the goals you want to achieve,  and one of our sales representatives will contact you within one business day.

Our Location

51 Pleasant St # 843, Malden, MA, Middlesex, US, 02148

General and Business inquiries

contact@8ksec.io

Trainings

trainings@8ksec.io

Press

press@8ksec.io

Phone

+1(347)-4772-006

SEND ENQUIRY

Lorem Ipsum

Lorem Ipsum Dolor

Lorem ipsum dolor sit amet, consectetur adipiscing eli

Lorem Ipsum Dolor

Lorem ipsum dolor sit amet, consectetur adipiscing eli

Lorem Ipsum

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Proin tristique,

leo sit amet. Proin tristique, leo sit amet. elit. Proin tristique, leo sit amet. Proin tristique, leo sit amet.

Lorem Ipsum

Lorem Ipsum

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Proin tristique, leo sit amet. Proin tristique, leo sit amet. elit. Proin tristique, leo sit amet. Proin tristique, leo sit amet. leo sit amet. Proin tristique, leo sit amet.

Lorem Ipsum

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Proin tristique, leo sit amet. Proin tristique, leo sit amet. elit. Proin tristique, leo sit amet. Proin tristique, leo sit amet. leo sit amet. Proin tristique, leo sit amet.

TESTIMONIALS

What Client Says About Us

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nunc sagittis mauris ac enim sagittis dignissim.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Proin tristique, leo sit amet aliquet sollicitudin, nulla mi viverra mi, a sodales magna sem quis sem. Phasellus finibus lectus ac ligula gravida vulputate.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Proin tristique, leo sit amet aliquet sollicitudin, nulla mi viverra mi, a sodales magna sem quis sem. Phasellus finibus lectus ac ligula gravida vulputate.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Proin tristique, leo sit amet aliquet sollicitudin, nulla mi viverra mi, a sodales magna sem quis sem. Phasellus finibus lectus ac ligula gravida vulputate.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Proin tristique, leo sit amet aliquet sollicitudin, nulla mi viverra mi, a sodales magna sem quis sem. Phasellus finibus lectus ac ligula gravida vulputate.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Proin tristique, leo sit amet aliquet sollicitudin, nulla mi viverra mi, a sodales magna sem quis sem. Phasellus finibus lectus ac ligula gravida vulputate.