YoVDO

The Power of Pair - One Template that Reveals 100+ UAF IE Vulnerabilities

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Software Development Courses Ethical Hacking Courses Browser Security Courses Use-After-Free Vulnerability Courses

Course Description

Overview

Explore a powerful browser fuzzing strategy that uncovered over 100 Internet Explorer use-after-free vulnerabilities in this 34-minute Black Hat conference talk. Learn about the custom-built vulnerability hunting system and unique fuzzing approach that led to 19 CVEs affecting all versions of Microsoft IE. Discover the importance of effective fuzzing strategies in finding critical browser vulnerabilities, and gain insights into the methodology behind explicit and implicit pairing techniques. Examine the implementation, experimentation, and results of this innovative approach to browser security testing, and consider its implications for future vulnerability research.

Syllabus

Introduction
About Us
What is UAF
Is it possible
Zeroday samples
Compatible meta tag
Script function
Problems of randomness
What we learn
IE engineers
Flowchart
First Version
Third Version
Explicit Pairing
Examples
Implicit Pairing
Clear Attribute
Pair Combination
Test Cases
Demo
Implementation
Experimentation
Reboot
Results
Future Work
Thank You
QA


Taught by

Black Hat

Related Courses

Software as a Service
University of California, Berkeley via Coursera Software Testing
University of Utah via Udacity The Hardware/Software Interface
University of Washington via Coursera Software Debugging
Saarland University via Udacity Introduction to Systematic Program Design - Part 1
The University of British Columbia via Coursera