YoVDO

Browser Hacking With ANGLE

Offered By: Hack In The Box Security Conference via YouTube

Tags

Hack In The Box Security Conference Courses WebGL Courses Remote Code Execution (RCE) Courses Web Security Courses Vulnerability Analysis Courses Browser Exploitation Courses

Course Description

Overview

Explore browser hacking techniques using ANGLE in this 49-minute conference talk from the Hack In The Box Security Conference. Gain foundational knowledge of the ANGLE project and its implementation in WebGL/WebGL2 for web browsers. Analyze vulnerability types, root causes, and exploitable flaws in ANGLE, including a demonstration of achieving remote code execution on macOS. Dive into specific vulnerabilities like CVE-2021-30626, crbug.com/1266437, and CVE-2022-26717. Learn about ANGLE architecture, WebGL implementation, and various exploitation techniques such as out-of-bound reads, heap overflows, and use-after-free vulnerabilities. Follow along as the presenter, Jeonghoon Shin, a KITRI BoB mentor, guides you through the intricacies of browser bug hunting and exploitation.

Syllabus

Intro
Background of ANGLE
ANGLE Architecture Overview
WebGL Implementation
Chrome texStorage3D Out of Bound Read
Safari MultiDrawArrays Heap overflow
Safari Transform Feedback Use After Free
Allocate Buffer Object
Exploitation Steps
JSC's Butterfly Overview
Step 1: Heap Spray
Trigger the Bug
Search Corrupted JSArray
Get JSCell and Structure ID
Get addrof/fakeobj primitives


Taught by

Hack In The Box Security Conference

Related Courses

Can A Fuzzer Match A Human
Hack In The Box Security Conference via YouTube
Biometrics System Hacking in the Age of the Smart Vehicle
Hack In The Box Security Conference via YouTube
ICEFALL - Revisiting A Decade Of OT Insecure-By-Design Practices
Hack In The Box Security Conference via YouTube
Fuzzing the MCU of Connected Vehicles for Security and Safety
Hack In The Box Security Conference via YouTube
Code Intention Hiding Based on AI Uninterpretability
Hack In The Box Security Conference via YouTube