Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

The Power of Pair - One Template that Reveals 100+ UAF IE Vulnerabilities

Black Hat via YouTube

Overview

Explore a powerful browser fuzzing strategy that uncovered over 100 Internet Explorer use-after-free vulnerabilities in this 34-minute Black Hat conference talk. Learn about the custom-built vulnerability hunting system and unique fuzzing approach that led to 19 CVEs affecting all versions of Microsoft IE. Discover the importance of effective fuzzing strategies in finding critical browser vulnerabilities, and gain insights into the methodology behind explicit and implicit pairing techniques. Examine the implementation, experimentation, and results of this innovative approach to browser security testing, and consider its implications for future vulnerability research.

Syllabus

Introduction
About Us
What is UAF
Is it possible
Zeroday samples
Compatible meta tag
Script function
Problems of randomness
What we learn
IE engineers
Flowchart
First Version
Third Version
Explicit Pairing
Examples
Implicit Pairing
Clear Attribute
Pair Combination
Test Cases
Demo
Implementation
Experimentation
Reboot
Results
Future Work
Thank You
QA

Taught by

Black Hat

Reviews

Start your review of The Power of Pair - One Template that Reveals 100+ UAF IE Vulnerabilities

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.