Web browsers are among the most utilized consumer facing software products on the planet. As the ubiquitous gateway to the internet, browsers introduce significant risk to the integrity of personal computing devices. In the race to protect users while advancing web technology, premiere browsers have become increasingly complex targets to compromise. Over the course of this training, students will receive a thorough introduction to vulnerability research as it pertains to modern web browsers. This includes identifying, evaluating, and weaponizing the latest vulnerability patterns via the exploitation of several recently patched vulnerabilities. Through this, students will experience the end to end process of developing memory corruption based exploits against these high value targets. This course will focus specifically on Google Chrome and Apple Safari.
Amy is a security researcher and co-founder of RET2 Systems, where she specializes in browser security and mitigation bypass. She has spoken about and previously led trainings on advanced browser exploitation techniques at private events and conferences. She and her team developed and publicly demonstrated a remote code exploit against Safari for Pwn2Own 2018, which also leveraged a macOS bug to gain root level code execution.