Overview
Explore advancements in JavaScript engine fuzzing through this conference talk by Samuel Groß and Carl Smith at OffensiveCon23. Delve into topics such as splicing, converting to JavaScript, and finding bugs through code coverage analysis. Learn about the probing mutator technique, and examine real-world bug examples, including expiration issues. Discover cold coverage feedback methods and complexity analysis tools like Wildback. Gain insights into program templates, hybrid engines, and regular expression engines. Investigate mini fuzzers, destructialization techniques, and program space concepts. This 23-minute presentation offers a comprehensive overview of cutting-edge JavaScript engine fuzzing techniques for security researchers and developers.
Syllabus
Intro
Overview
Quick Recap
Splicing
Converting to JavaScript
Finding bugs
What is code coverage
Where are the bugs
A classic bug
Probing Mutator
Bug example
Expiration example
Cold coverage feedback
Complexity analysis
Wildback
Example
Program Templates
Hybrid Engine
Regular Expression Engine
Mini Fuzzers
Destroyalization
Program Space
Summary
Taught by
OffensiveCon