Browser Exploitation

5-Day Security Training on Advanced Browser Exploitation

June 3 - 7, 2019. Troy, New York

Event Details

Date June 3rd - June 7th, 2019
Time 9:00am - 5:00pm
Includes catered Breakfast & Lunch daily
Venue Studio Beta @ EMPAC
8th Street, Troy NY, 12180
Capacity 20 seats  Sold Out
Brochure PDF
Event Registration

This event is currently sold out.

For more information or to book a private training please contact us.

Course Description

Web browsers are among the most utilized consumer facing software products on the planet. As the ubiquitous gateway to the internet, browsers introduce significant risk to the integrity of personal computing devices. In the race to protect users while advancing web technology, premiere browsers have become increasingly complex targets to compromise.

Over the course of this training, students will receive a thorough introduction to vulnerability research as it pertains to modern web browsers. This includes identifying, evaluating, and weaponizing the latest vulnerability patterns via the exploitation of several recently patched vulnerabilities. Through this, students will experience the end to end process of developing memory corruption based exploits against these high value targets.

This course will focus specifically on Google Chrome and Apple Safari.

Learning Outcomes

  • Identify contemporary vulnerability patterns in web browsers
  • Develop an understanding of target-specific exploit techniques
  • Weaponize a diverse selection of real-world vulnerabilities
  • Execute renderer-only attacks to hijack user sessions
  • Clone, build, and debug properly versioned browser engines
  • Learn tooling for vulnerability discovery against massive codebases
  • Become familiar with the architecture of modern web browsers
  • Build an in-depth understanding of browser internals and JavaScript engines
  • Obtain a high level overview of browser sandboxing

Prerequisites

  • Familiar with modern exploitation subjects (DEP, ASLR, ROP)
  • Working knowledge of C++ and JavaScript
  • Some exposure to AMD64 assembly or low level systems
  • Linux command line proficiency
  • A Laptop capable of connecting to the internet (SSH)

Syllabus

Day 1 - Browser Architecture

Learn to navigate and develop on browser codebases
  • Breaking down modern browser architectures, major components
  • Setting up a browser research environment, building, debugging
  • Interfacing with different components of the browser (DOM, JS)
  • Introduction to JavaScript
  • JavaScript + DOM interaction, past issues