The Fundamentals of Browser Exploitation

A Self-Paced, Asynchronous Security Training developed by RET2 Systems

Next Session Starting: April 7th, 2025

Asynchronous Training Details

Venue: Virtual - Training Platform
Instructor / SME Access: 30 Days
Training VM Access: 90 Days (Cloud Hosted)
Expected Completion Time: 1-2 Weeks (Full Time), 2-4 Weeks (Part Time)
Maximum Group Size: 20
Pricing: $3,499 USD / Seat
Book a seat via Stripe!

For alternate payment methods, such as ACH or Wire, please email us at contact@ret2.io

Asynchronous Training Format

This is a self-guided and self-paced training.

Students are given access to our training platform, which hosts course materials and facilitates access to training VMs. There are no scheduled livestreams or video sessions; rather, students progress through a series of modules and exercises at their own pace.

Instructors and subject matter experts from RET2 will be available for questions and course assistance via a private Discord server (shared with other students in the session), on-platform messaging, or over email. We are also happy to accommodate other methods of assistance upon request.

Please contact us prior to booking a seat if you have any questions about the format of this training.

Course Description

Web browsers are among the most utilized consumer-facing software products on the planet. As the ubiquitous gateway to the internet, browsers introduce significant risk to the integrity of personal computing devices. In the race to protect users while advancing web technology, premier browsers have become increasingly complex targets to compromise.

Over the course of this training, students will receive a thorough introduction to the fundamental concepts of vulnerability research as it pertains to modern web browsers. This includes identifying, evaluating, and weaponizing a range of vulnerability patterns via the exploitation of patched, real-world vulnerabilities as well as custom-written, demonstrative examples. Through this, students will experience the end-to-end process of developing memory-corruption-based exploits against web browsers.

This course will focus specifically on Google Chrome and Apple Safari.

Learning Outcomes

  • Identify contemporary vulnerability patterns in web browsers
  • Develop an understanding of target-specific exploit techniques
  • Weaponize a diverse selection of real-world vulnerabilities
  • Execute renderer-only attacks to hijack user sessions
  • Clone, build, and debug properly versioned browser engines
  • Learn tooling for vulnerability discovery against massive codebases
  • Become familiar with the architecture of modern web browsers
  • Build an in-depth understanding of browser internals and JavaScript engines
  • Obtain a high-level overview of browser sandboxing

Prerequisites

This is an advanced training that assumes familiarity with contemporary vulnerability research topics.

  • Familiar with modern exploitation subjects (DEP, ASLR, ROP)
  • Good working-knowledge of C++ and JavaScript
  • Experience with assembly-level debugging; recommended familiarity with x86-64
  • Linux command line proficiency

Syllabus

Module 1 - Browser Architecture

Learn the architecture of browser and JavaScript engines
  • Breaking down modern browser architectures, major components
  • Setting up a browser research environment, building, debugging
  • Introduction to JavaScript / DOM for Vulnerability Research
  • JavaScript + DOM interaction, "legacy" browser vulnerability patterns
  • JavaScript Engine Design
  • V8 (Chromium) and JavaScriptCore (WebKit) Engine Internals
  • JavaScript Garbage Collection

Feature Showcase

Training VM

Each user receives their own personal cloud-hosted Training Virtual Machine. This VM can be started, stopped, and configured directly from the training platform.

Integrated Exercises

Exercises are interspersed throughout the written materials to encourage learning-by-doing. These exercises are integrated into the Training VM and can be launched and debugged with one-line commands.

Prebuilt Engines

Multiple prebuilt, pre-patched, and pre-configured engines allow you to focus on learning browser exploitation. No fighting compilers or manual patch-diffing required!