Exploit Engineering
Fundamentals of Browser Exploitation
1 - Browser Architecture
1.1 - Browser Components
1.1.1 - Browser Overview and Components
1.2 - Building Browsers
1.2.1 - Building Browsers
1.2.E1 - Building V8
1.2.E2 - Building JSC
1.3 - Introduction to JavaScript for Vulnerability Researchers
1.3.1 - JavaScript Fundamentals
1.3.E1 - JavaScript Doubles and Integers
1.3.E2 - JavaScript Object Properties
1.4 - Introduction to the DOM for Vulnerability Researchers
1.4.1 - Browser Components & the DOM
1.5 - DOM Events and Vulnerabilities
1.5.1 - DOM Events
1.5.E1 - DOM Event Callback Vulnerability
1.6 - JavaScript Engine Design
1.6.1 - JavaScript Engine Internal Concepts
1.7 - JavaScript Engine Internals for V8
1.7.1 - V8 Engine Internals
1.7.E1 - V8 Pointer Tagging Exercise
1.7.E2 - V8 JSObject Memory Exercise
1.7.E3 - Element Kind Exercise
1.8 - JavaScript Engine Internals for JSC
1.8.1 - JavaScriptCore Engine Internals
1.8.E1 - JSC NaN Box Exercise
1.8.E2 - JSC Butterfly Exercise
1.8.E3 - JSC Indexing Type Exercise
1.9 - JavaScript Garbage Collectors
1.9.1 - JavaScript Garbage Collectors
1.9.E1 - Garbage Collection Intro
1.9.E2 - Triggering GC Exercise
2 - JavaScript Engine Vulnerabilities
2.1 - JavaScript Bug Patterns
2.1.1 - JavaScript Bug Patterns
2.1.E1 - Property Getters/Setters Quiz
2.1.E2 - JSC - CVE-2016-4622 Exercise
2.1.E3 - JSC - CVE-2017-2446 Exercise
2.2 - Exploit Engineering
2.2.1 - Exploit Engineering
2.2.E1 - Int64.js Exercise
2.2.E2 - JSC Out Of Bounds Exercise
2.2.E3 - JSC Out Of Bounds `addr_of` Exercise
2.2.E4 - JSC Out Of Bounds `obj_at_addr` Exercise
2.2.E5 - V8 Out Of Bounds Exercise
2.2.E6 - V8 Out Of Bounds `addr_of` Exercise
2.2.E7 - V8 Out Of Bounds `obj_at_addr` Exercise
2.3 - Arbitrary Read/Write
2.3.1 - Arbitrary Read/Write Primitives
2.3.E1 - JSC Fake Object Exercise
2.3.E2 - JSC Arbitrary Read/Write Exercise
2.3.E3 - V8 Fake Object Exercise
2.3.E4 - V8 Arbitrary Read/Write Exercise
2.4 - Arbitrary Code Execution
2.4.1 - Arbitrary Code Execution
2.4.E1 - V8 JIT Overwrite Exercise
2.4.E2 - JSC JIT Overwrite Exercise
3 - JavaScript Execution and JIT Compilation
3.1 - JavaScript Runtime & Execution
3.1.1 - JavaScript Runtime and Execution
3.1.E1 - JIT Intro Exercise
3.2 - Turbofan Fundamentals
3.2.1 - Turbofan Fundamentals
3.2.E1 - Turbofan Graph Exercise
3.3 - Turbofan Optimizations and Typing
3.3.1 - Turbofan Optimizations and Typing
3.4 - Turbofan Speculative Typing
3.4.1 - Turbofan Speculative Typing
3.5 - JIT Bug Patterns
3.5.1 - Turbofan Speculative Optimizations
3.5.E1 - Check Maps Exercise
3.5.E2 - Side Effect Exercise
3.5.E3 - Code Dependency Exercise
4 - Exploit Engineering
4.1 - Browser Exploit Mitigations
4.1.1 - Browser Exploit Mitigations
4.2 - Renderer-Only Attacks
4.2.1 - Renderer Only Attacks
4.2.E1 - SOP Bypass Exercise
4.3 - Browser Sandboxing
4.3.1 - Browser Sandboxing
4.4 - Fuzzing Web Browsers
4.4.1 - Introduction to Browser Fuzzing
4.5 - Chrome N-Day Exploit
4.5.E1 - Chrome V8 N-day Exercise