Overview
Explore data-only attacks against dynamic scripting environments in this 32-minute Black Hat conference talk. Delve into the vulnerabilities of web browsers and modern applications that embed scripting engines for interactive content. Understand how just-in-time compilation, used to optimize performance, can be exploited by adversaries to achieve code execution or elevate privileges. Learn about the corruption of sensitive data, such as the intermediate representation of optimizing JIT compilers, and discover the various defenses being developed to protect just-in-time compilers. Gain insights from speaker Taemin Park on the evolving landscape of security threats and countermeasures in JavaScript engines.
Syllabus
NoJITsu: Locking Down JavaScript Engines
Taught by
Black Hat