Modern web browsers pose a challenging and attractive target for security researchers. However, with ever growing codebases and increasing code complexity, the barrier to entry for security research in this area has been rising as well. This training is designed to prepare students for a successful entry into this field. Students will learn to identify, analyze, and exploit vulnerabilities in the context of a web browser renderer process. Through various hands-on exercises, students get practical experience and gain a good understanding of the respective code bases. Exercises will be designed for Chrome and Firefox, although many of them can also be completed on Edge and/or Safari.
While no previous experience with browser internals is required, students should be moderately familiar with memory corruption exploitation, low-level process internals, common debuggers, and C++. For students that do not wish to install compiler toolchains etc. directly on their laptops, Linux-based virtual machine images will be provided.