YouTube

Advancements in JavaScript Engine Fuzzing - OffensiveCon 2023

OffensiveCon via YouTube

Overview

Explore advancements in JavaScript engine fuzzing through this conference talk by Samuel Groß and Carl Smith at OffensiveCon23. Delve into topics such as splicing, converting to JavaScript, and finding bugs through code coverage analysis. Learn about probing, mutator techniques, and examine real-world bug examples, including expiration issues. Discover cold coverage feedback methods and complexity analysis tools like Wildback. Gain insights into program templates, hybrid engines, and regular expression engines. Investigate mini fuzzers, destructialization techniques, and program space concepts. This 23-minute presentation offers a comprehensive overview of cutting-edge JavaScript engine fuzzing techniques for security researchers and developers.

Syllabus

Intro
Overview
Quick Recap
Splicing
Converting to JavaScript
Finding bugs
What is code coverage
Where are the bugs
A classic bug
Probing Mutator
Bug example
Expiration example
Cold coverage feedback
Complexity analysis
Wildback
Example
Program Templates
Hybrid Engine
Regular Expression Engine
Mini Fuzzers
Destroyalization
Program Space
Summary

Taught by

OffensiveCon
