Browser (JS Engine) Exploitation

InfoSect is a training provider in Canberra, Australia. We offer specialist courses in Computer Security. Additionally, we offer space or the entire venue for hire including office and warehouse facilities.

InfoSect Canberra

<DIV CLASS="WordSection1">This 3-day course will give students a zero to hero in-depth examination of techniques to exploit JavaScript engine memory corruption bugs in the Firefox and Chrome web browsers. Spidermonkey and V8 will be the targets for exploitation. Spidermonkey is the JS engine in Firefox and V8 is the JS engine in Chrome. The OS environment for the course is Linux. However, the exploitation concepts and techniques presented will work on other platforms.  </DIV>
<DIV CLASS="WordSection1"> </DIV>
<DIV CLASS="WordSection1">Course Objectives
To be able to gain code execution in Firefox (Spidermonkey) and Chrome (V8) given a JS engine memory corruption bug. Sandbox escapes will not be covered in this course.
Duration and Schedule
3 Days, 9am - 5pm
Training Outcomes
<UL>
<LI CLASS="MsoNormal">Demonstrate understanding of JS engine internals</LI>
<LI CLASS="MsoNormal">Demonstrate building exploitation primitives</LI>
<LI CLASS="MsoNormal">Demonstrate code execution in modern JS engines and web browsers</LI>
</UL>
 Who Should Attend?
<UL>
<LI>Developers</LI>
<LI>IT Professionals</LI>
<LI>Embedded Developers</LI>
<LI>OS Developers</LI>
<LI>Penetration Testers</LI>
<LI>Software Security Auditors/Analysts</LI>
<LI>Vulnerability Researchers</LI>
<LI>Software Exploitation Developers</LI>
<LI>and anyone interested</LI>
</UL>
About the Trainer
Dr Silvio Cesare is the Managing Director at InfoSect. He has worked in technical roles and been involved in computer security for over 20 years. This period includes time in Silicon Valley in the USA, France, and Australia. He has worked commercially in both defensive and offensive roles within engineering. He has reported hundreds of software bugs and vulnerabilities in Operating Systems kernels. He was previously the Director for Education and Training at UNSW Canberra Cyber, ensuring quality content and delivery. In his early career, he was the scanner architect and a C developer at Qualys. He is also the co-founder of BSides Canberra - Australia’s largest cyber security conference. He has a Ph.D. from Deakin University and has published within industry and academia, is a 4-time Black Hat speaker, gone through academic research commercialisation, and authored a book (Software Similarity and Classification, published by Springer).
What Will be Provided?
<UL>
<LI>Laptops for class use.</LI>
<LI>Access to laboratories on the “cyber range”</LI>
<LI>Catering</LI>
<LI>InfoSect Swag</LI>
</UL>
Participant Skillset
Students taking Browser (JS Engine) Exploitation should have an intermediate exploitation development background, an exposure in C++ development, and basic JavaScript development experience. Students who have completed the InfoSect courses Code Review and Linux Heap Exploitation will have the prerequisite knowledge. If these courses have not been attended, students should have hands on experience in:
<UL>
<LI>Binary Exploitation</LI>
<LI>C++ Coding Experience</LI>
<LI>JavaScript Coding Experience</LI>
<LI>Linux</LI>
</UL>
CLASS SYLLABUS
</DIV>
<H2>Day 1</H2>
Lectures and Labs
<UL>
<LI>The Browser Landscape</LI>
<LI>Browser Architecture</LI>
<LI>Security the Browser</LI>
<LI>Javascript Engine Overview</LI>
<LI>V8 Data Types</LI>
<LI>Orinoco – The V8 Garbage Collector</LI>
<LI>Custom Built-ins in V8</LI>
<LI>Arbitrary R/W Primitives in V8</LI>
<LI>Arbitrary R/W to Code Execution in V8</LI>
</UL>
Day 2
Lectures and Labs
<UL>
<LI>Relative R/W to Addrof/Fakeobj in V8</LI>
<LI>Addrof/Fakeobj to Limited Arbitrary R/W in V8</LI>
<LI>Limited Arbitrary R/W to Full Arbitrary R/W in V8 </LI>
</UL>
<H2>Day 3</H2>
Lectures and Labs
<UL>
<LI>Spidermonkey Data Types</LI>
<LI>The Spidermonkey Heaps</LI>
<LI>Custom Built-ins in Spidermonkey</LI>
<LI>JIT Style Attacks</LI>
<LI>Relative R/W to Stable Arbitrary R/W in Spidermonkey</LI>
<LI>Arbitrary R/W to Code Execution in Spidermonkey </LI>
</UL>
 Courses have no more than 10 people.
A minimum of 4 registrations are required for course to run. If less than 4 registrations are received, InfoSect will be in contact about refunding or rescheduling the course.

InfoSect

Our {communityGuidelinesLink} describe the sort of content we prohibit on Eventbrite. If you suspect an event may be in violation, you can report it to us so we can investigate.

To report other categories of prohibited or illegal content, submit {link}

Browser (JS Engine) Exploitation

More upcoming events from InfoSect Canberra

Discover more upcoming events from InfoSect Canberra, from Science & Tech to other experiences you might love.

Still looking for the right event?

Explore all events in Fyshwick and filter by date, category, and more to find the perfect fit.

Browser (JS Engine) Exploitation

More upcoming events from InfoSect Canberra

Discover more upcoming events from InfoSect Canberra, from Science & Tech to other experiences you might love.

More Science & Tech events

Browse more Science & Tech events with different dates, prices, and formats to find your next great experience.

Still looking for the right event?

Explore all events in Fyshwick and filter by date, category, and more to find the perfect fit.