Turning Memory Errors Into Code Execution With Client-Side Compilers
Offered By: Hack In The Box Security Conference via YouTube
Course Description
Overview
Explore the security implications of client-side compilers in web browsers through this conference talk from HITB Security Conference. Dive into the world of Just-In-Time (JIT) and Ahead-of-Time (AOT) compilation, examining how these performance-enhancing technologies can be exploited by attackers. Learn about JIT-Spray techniques and their evolution in exploiting memory errors. Analyze specific vulnerabilities discovered in Mozilla Firefox's ASM.JS implementation, including CVE-2017-5375 and CVE-2017-5400. Discover how to craft and transform ASM.JS payloads for remote code execution on vulnerable Firefox versions. Gain insights from Robert Gawlik, a seasoned security researcher specializing in low-level security, binary software, and web browser internals, as he shares his findings and expertise in this 38-minute presentation.
Syllabus
#HITBGSEC 2018 D1: Turning Memory Errors Into Code Execution With Client-Side Compilers - R. Gawlik
Taught by
Hack In The Box Security Conference
Related Courses
Browser Hacking With ANGLEHack In The Box Security Conference via YouTube Can A Fuzzer Match A Human
Hack In The Box Security Conference via YouTube Biometrics System Hacking in the Age of the Smart Vehicle
Hack In The Box Security Conference via YouTube ICEFALL - Revisiting A Decade Of OT Insecure-By-Design Practices
Hack In The Box Security Conference via YouTube Fuzzing the MCU of Connected Vehicles for Security and Safety
Hack In The Box Security Conference via YouTube