Abstract
Chrome, as one of the most commonly used browsers, presents an attractive target for security researchers.
Because Chrome plays a major role in the Android ecosystem, Chrome browser exploitation is an essential part of traditional 1-click chains.
Given the rising complexity and the number of exploitation mitigations, this training attempts to address the entry barrier into browser exploitation for novice researchers.
This training focuses on Chrome renderer exploitation (RCE), the first step in gaining arbitrary code execution on the device.
The focus is primarily on V8 vulnerabilities and common exploitation techniques, covering both 32-bit and 64-bit Chrome versions on Android 13/14.
It is largely self-contained and provides a generous amount of background information required to bootstrap your own Chrome research.
Similar to our other trainings, the course is structured as several theory modules (providing the necessary background material), followed by hands-on lab exercises demonstrating the learned concepts in practice.
The main target for this training is 64-bit Chrome. Where applicable, differences from 32-bit Chrome will be briefly discussed.
Trainer Info
Vitaly is a security researcher at DUASYNT specializing in reverse engineering and exploit development.
He has a solid academic background in programming languages, code analysis and algorithms.
His current area of research is mobile security/operating systems (kernel space exploitation techniques and countermeasures).