RET2 Systems
SERVICESSERVICES TRAININGSTRAININGS WARGAMESWARGAMES BLOGBLOG CONTACTCONTACT

Browser Exploitation

5-Day Security Training on Advanced Browser Exploitation

Private Group Trainings Available Now

Private Training Details

Length 4 || 5 Day Training
Venue Virtual || On-Site
Required # Of Seats 10 - 20 Seats
Join Training Waitlist

For a group of 10+ people:
Send us an email for more information

Course Description

Web browsers are among the most utilized consumer facing software products on the planet. As the ubiquitous gateway to the internet, browsers introduce significant risk to the integrity of personal computing devices. In the race to protect users while advancing web technology, premiere browsers have become increasingly complex targets to compromise.

Over the course of this training, students will receive a thorough introduction to vulnerability research as it pertains to modern web browsers. This includes identifying, evaluating, and weaponizing the latest vulnerability patterns via the exploitation of several recently patched vulnerabilities. Through this, students will experience the end to end process of developing memory corruption based exploits against these high value targets.

This course will focus specifically on Google Chrome and Apple Safari.

Learning Outcomes

  • Identify contemporary vulnerability patterns in web browsers
  • Develop an understanding of target-specific exploit techniques
  • Weaponize a diverse selection of real-world vulnerabilities
  • Execute renderer-only attacks to hijack user sessions
  • Clone, build, and debug properly versioned browser engines
  • Learn tooling for vulnerability discovery against massive codebases
  • Become familiar with the architecture of modern web browsers
  • Build an in-depth understanding of browser internals and JavaScript engines
  • Obtain a high level overview of browser sandboxing

Prerequisites

  • Familiar with modern exploitation subjects (DEP, ASLR, ROP)
  • Working knowledge of C++ and JavaScript
  • Some exposure to AMD64 assembly or low level systems
  • Linux command line proficiency
  • A Laptop capable of connecting to the internet (SSH)

Syllabus

Module 1 - Browser Architecture

Learn to navigate and develop on browser codebases
  • Breaking down modern browser architectures, major components
  • Setting up a browser research environment, building, debugging
  • Interfacing with different components of the browser (DOM, JS)
  • Introduction to JavaScript
  • JavaScript + DOM interaction, past issues
GITHUB | TWITTER | BLOG | CONTACT
(C) 2024 RET2 SYSTEMS, INC.