Explore the cutting-edge techniques in software exploitation revealed at Pwn2Own 2016 in this Black Hat conference talk. Delve into the intricacies of eight winning browser-to-super-user exploitation chains, encompassing 21 total vulnerabilities. Gain insights into modern browser exploitation, the complexities of kernel Use-After-Free exploitation, and the surprising simplicity of exploiting logic errors and directory traversals in the kernel. Analyze attack vectors, root causes, exploitation techniques, and potential remediations for the presented vulnerabilities. Understand the limitations of application sandboxing and the persistent threat of kernel exploitation in achieving complete system compromise. Discover why these advanced exploitation techniques are considered "shell on earth" for security researchers and attackers alike in this 49-minute presentation by Matt Molinyawe, Jasiel Spelman, Abdul-Aziz Hariri, and Joshua Smith.
Overview
Syllabus
$Hell on Earth: From Browser to System Compromise
Taught by
Black Hat
Related Courses
-
Abusing Silent Mitigations - Understanding Weaknesses Within Internet Explorer
-
The Most Secure Browser? Pwning Chrome from 2016 to 2019
-
This is for the Pwners - Exploiting a WebKit 0-day in PlayStation 4
-
From Finding New Type of Logical Flaw at Linux Kernel to Developing New Heap Exploitation Technique
-
The Art of Exploiting UAF by Ret2bpf in Android Kernel
-
From Logic to Memory - Winning the Solitaire in Reparse Points
