Training Details
What will Students Learn
Web Browsers form the first line of defense in a remote attack. Because of its popularity and its rapidly changing landscape in order to provide consumers with the latest features, they form a wide attack surface and are often targeted.
We begin with an introduction to the Browser architecture and the different security mitigations in place. We will then learn how to set up a test environment using the open-source builds of different browser engines. With our focus on Safari’s Webkit, we will learn how to identify, analyze and exploit vulnerabilities in its two major components: WebCore and JavascriptCore. We will understand how objects are allocated and stored in the memory followed by an understanding of how JIT optimizations work.
We will then discuss how JIT optimization can be abused to find vulnerabilities, and how the basics of exploiting Type-confusion vulnerabilities. We will discuss certain exploit primitives (addrof and fakeobj) and how we can achieve arbitrary read/write using those primitives. We will look at some of the latest mitigations introduced in recent versions of Webkit and its impact on exploitation. The training will conclude with some techniques on how to effectively fuzz the Javascript engine using Grammar based fuzzing in order to find exploitable vulnerabilities.
Please share with us the project requirements and the goals you want to achieve, and one of our sales representatives will contact you within one business day.
51 Pleasant St # 843, Malden, MA, Middlesex, US, 02148
contact@8ksec.io
trainings@8ksec.io
press@8ksec.io
+1(347)-4772-006
Get the latest news & updates
© 2024 8kSec LLC All Right Reserved
