Smashing The Browser: From Vulnerability Discovery To Exploit Development


Smashing The Browser: From Vulnerability Discovery To Exploit Development.

Part 1:

Browser Fuzzing Technology

This part will first introduce a fuzzer framework (StateFuzzer) developed by myself as well as the fuzzing strategies behind it. Then conclude some effective fuzzing ideas and related vulnerabilities based on results of the fuzzer.

Part 2:

Advance Browser Exploitation Techniques

This part will first brief introduce the security model of modern browsers as well as the combat between exploit and mitigation. Then introduce all kinds of heap management mechanisms and their defects together with some exploit-friendly data structures of Google Chrome and IE 11. After that, analyze the advance exploit technologies of these two browsers, including two new exploitation techniques, one of which is not limited by sandbox (Demo). Finally conclude the dilemmas of Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and Sandbox.

Part 3:

IE 11 0day Exploit Development

After taking one of my IE 11 UAF vulnerabilities from StateFuzzer, I will share the whole exploit developing experience from the vulnerability trigger to arbitrary code execution, together with all related technologies and skills (Demo).

At last, I will bring a special, interesting and undisclosed IE 11 0day (not affected by isolated heap and protected free).

Download

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s