Turning Memory Errors Into Code Execution With Client-Side Compilers
Offered By: Hack In The Box Security Conference via YouTube
Course Description
Overview
Explore the security implications of client-side compilers in web browsers through this conference talk from HITB Security Conference. Dive into the world of Just-In-Time (JIT) and Ahead-of-Time (AOT) compilation, examining how these performance-enhancing technologies can be exploited by attackers. Learn about JIT-Spray techniques and their evolution in exploiting memory errors. Analyze specific vulnerabilities discovered in Mozilla Firefox's ASM.JS implementation, including CVE-2017-5375 and CVE-2017-5400. Discover how to craft and transform ASM.JS payloads for remote code execution on vulnerable Firefox versions. Gain insights from Robert Gawlik, a seasoned security researcher specializing in low-level security, binary software, and web browser internals, as he shares his findings and expertise in this 38-minute presentation.
Syllabus
#HITBGSEC 2018 D1: Turning Memory Errors Into Code Execution With Client-Side Compilers - R. Gawlik
Taught by
Hack In The Box Security Conference
Related Courses
CompilersStanford University via Coursera Compilers
Stanford University via edX Computation Structures 2: Computer Architecture
Massachusetts Institute of Technology via edX Compilers: Theory and Practice
Georgia Institute of Technology via Udacity Architecture, Algorithms, and Protocols of a Quantum Computer and Quantum Internet
Delft University of Technology via edX