Glitch Chronicles - Turning WebGL Into A Hammer

Offered By: Hack In The Box Security Conference via YouTube

Tags

Hack In The Box Security Conference Courses, Web Development Courses, Cybersecurity Courses, Computer Graphics Courses

Course Description

Overview

Explore the intricacies of WebGL exploitation in this comprehensive conference talk from HITB2018DXB. Dive deep into the world of Glitch attacks, understanding attacker primitives and DRAM organization. Learn about address translation, eviction-based Rowhammer attacks, and GPU architecture. Discover how texture sampling and fast memory access play crucial roles in DRAM exploitation. Examine WebGL-based timers and contiguous memory detection techniques. Uncover the potential of JavaScript arrays, IEEE-754 floating-point numbers, and type flipping for exploitation. Master arbitrary read/write techniques and gain insights into the broader implications of these vulnerabilities. Conclude with a thorough recap and key takeaways for enhancing web security.

Syllabus

Introduction
Glitch: what?
Attacker primitives
DRAM: organization
Address translation: THPS
#P2. Eviction-based Rowhammer: ARM
Attack Vector
GPU: The rendering pipeline
#P1. GPU: The architecture
#P1. DRAM access: texture sampling
Fast memory access
Eviction-based Rowhammer: GPU
Memory Allocation
DRAM Reads: recap
#P3. Contiguous Memory: Detection
#P3. WebGL-based timers
Glitch: in a nutshell
Exploitation: JS Arrays
IEEE-754 floating point (double)
Exploitation: Type Flipping
Exploitation: Arbitrary R/W
Exploitation: Arbitrary read
Exploitation: Recap
Conclusions


Taught by

Hack In The Box Security Conference
