Practical Web Browser Fuzzing TrainingKickstart your journey into the intricate world of web browser 2025-1-23 08:43:10 Author: fuzzinglabs.com(查看原文) 阅读量:15 收藏
Practical Web Browser Fuzzing Training
Kickstart your journey into the intricate world of web browser fuzzing at OffensiveCon 2025! This exclusive training, led by experts Patrick Ventuzelo and Tanguy Duhamel, is your opportunity to master advanced fuzzing techniques and uncover vulnerabilities in some of the most widely used software globally.
Web browsers are among the most complex software systems, managing untrusted web data with millions of lines of code. Inevitably, bugs slip through the cracks, making security essential. This hands-on training will equip participants with the skills to apply fuzzing techniques for identifying critical vulnerabilities in leading web browser implementations like Chrome, Firefox, and WebKit.
The training begins with an introduction to modern web browser architecture, followed by practical sessions using tools like Honggfuzz, Domato, Fuzzilli, and AFL++. Participants will gain expertise in fuzzing browser components such as DOM, JavaScript engines, JIT compilers, WebAssembly, and IPC. Real-world use cases ensure a practical, impactful learning experience.
OffensiveCon (Berlin, Germany)
Patrick Ventuzelo & Tanguy Duhamel
Day 1
- Morning: Browser Internals and Fuzzing Basics (Module 1)
- Afternoon: Fuzzing DOM & Rendering Engines (Module 2)
Day 2
- Morning: Fuzzing DOM & Rendering Engines (Module 2)
- Afternoon: Fuzzing JavaScript Engines & JIT Compilers (Module 3)
Day 3
- Morning: Fuzzing JavaScript Engines & JIT Compilers (Module 3)
- Afternoon: Fuzzing WebAssembly Compilers & APIs (Module 4)
Day 4
- Morning: Fuzzing WebAssembly Compilers & APIs (Module 4)
- Afternoon: Fuzzing IPC and Other Components (Module 5)
Patrick Ventuzelo
Patrick Ventuzelo is a senior security researcher, CEO & founder of Fuzzinglabs. After working for the French Ministry of Defense, he specialized in fuzzing, vulnerability research, and reverse engineering. Over the years, Patrick has created multiple fuzzers, found hundreds of bugs, and published various blog posts/videos/tools on topics like Rust, Go, Blockchain, WebAssembly, and Browser security. Patrick is a regular speaker and trainer at various security conferences around the globe, including BlackHat USA, OffensiveCon, REcon, RingZer0, PoC, ToorCon, hack.lu, NorthSec, SSTIC, and others.
Tanguy Duhamel
Tanguy Duhamel is the Lead Developer on FuzzingLabs' distributed fuzzing platform, collaborating with Patrick Ventuzelo on code auditing, fuzzer development, and security research. His research focuses on advancing distributed fuzzing techniques to improve software security, with a strong foundation in Rust for building high-performance tools.
Module 1: Introduction to Browser Fuzzing
- Introduction to Fuzzing
- Modern Browser Architecture & major Components
- Setting up a Testing and Debugging environment
- Compile and Explore famous browser codebases
- Fuzzing Web Browsers Fundamentals
- Improving your Fuzzing Workflow & Automation
Module 2: Fuzzing DOM & Rendering engines
- Introduction to the Rendering engine
- HTML/CSS/XML Parsing
- Analysis of existing CVEs, Issues, and PoCs
- Blink, Gecko & WebKit Fuzzing
- DOM rendering & Implementation
- Fuzzing DOM using Grammar-based Fuzzing
Module 3: Fuzzing JavaScript Engines & JIT Compilers
- JavaScript Engine Internals & APIs
- Memory management and Garbage collection
- Analysis of existing CVEs, Issues, and PoCs
- V8, Spidermonkey & JavaScriptCore Fuzzing
- JIT compilers Internals
- TurboFan and IonMonkey Fuzzing
Module 4: Fuzzing WebAssembly Compilers & APIs
- Introduction to WebAssembly
- VM Architecture & Implementation
- Analysis of existing CVEs, Issues, and PoCs
- Fuzzing WebAssembly JavaScript APIs
- WebAssembly compilers internals
- WebAssembly In-process Fuzzing
Module 5: Fuzzing IPC and other Components
- Inter-Process Communication (IPC) Internals
- Analysis of existing CVEs, Issues, and PoCs
- Fuzzing Chrome Mojo/Legacy IPC
- Discovery of other Components Implementation
- Networking/Data Persistence APIs
- Fuzzing Media and other Plugins
Prerequisites and requirements
- Familiarity with scripting (Python, Bash) and Linux.
- Familiarity with C/C++ and JavaScript.
- A working laptop capable of running virtual machines
- 8GB RAM required, at a minimum
- 80 GB free Hard disk space
- VirtualBox
- Administrator/root access MANDATORY
Founded in 2021 and headquartered in Paris, FuzzingLabs is a cybersecurity startup specializing in vulnerability research, fuzzing, and blockchain security. We combine cutting-edge research with hands-on expertise to secure some of the most critical components in the blockchain ecosystem.
Contact us for an audit or long term partnership!
Any questions about our services and trainings ?
Let’s work together to ensure your peace of mind.
如有侵权请联系:admin#unsafe.sh