- About Goa'15
- Schedule
- Venue
- Speakers
- Training
- CFP
- Recreation
- Blackshield Awards
- CTF
- Sponsors
- Exhibition
- Job Fair
- CXO Track
- Bugbash
- Goa'15
- Training
- Xtreme Browser Fuzzing
Trainer Name: Amol Naik and Anil Aphale
Title: Xtreme Browser Fuzzing
Duration: 2 Days
Date: 4th and 5th February 2015
Objective
This course focus on findings & exploiting bugs in leading browsers. This hands-on training will help participants to develop their own fuzzers. The course also covers domain of the fuzzing, frameworks and analysing the crashes. Bugs like Use-After-Free & Heap Corruptions/Overflow will be discussed as case study with in-depth analysis using debuggers.
Course Outline Day wise
Day 1
Introduction to Browser Fuzzing
- What is browser Fuzzing?
- Why We do Fuzzing?
- Browsers Internals
- What to fuzz?
Types of fuzzers
- Introduction to Static Fuzzer
- Introduction to Dynamic Fuzzer
- Difference between both
Hands on static fuzzer like radamsa
- What is Radamsa
- How we can collect templates
- How to generate testcases
- Executing testcases on browsers
- Pros & Cons
Hands on dynamic fuzzer (grinder)
- What is Grinder
- Different Components of grinder
- Creating own grinder supporting fuzzer
- Running it on Internet Explorer 9
- Pros & Cons
Day 2
Hybrid fuzzing framework
- Introduction to Hybrid fuzzing Framework
- Architecture of Framework
- Creating Fuzzer
- Running it against different browsers
Introduction To WinDbg for Crash Analysis
- What Is Windbg
- Why Windbg over Ollydbg & Immunity
- Attaching Process to windbg for crash analysis
- Windbg commads and various window
- Creating Break Point for analysis
Case Study
- Crash analysis
- Use After Free Vulnerability
- Heap Corruptions/Overflows
- Heap Spray to Control Crash
Reporting bugs/exploits
- How to report bugs/exploits
- Some Statistics
Prerequisies if any required
- Working knowledge of scripting languages like Python
- Working knowledge of HTML & Javascript
- Basics of x86 Assembly
What you need to bring
- Laptop with Administrative Rights
- Latest version of VMW are Player installed on your system
- Laptop should have minimum 4GB of RAM
What to expect
- Hands-on experience on each topic
- 2 days of debugging & disassembling
What not to expect
- Our own fuzzers
Amol Naik (@amolnaik4)
AMol works as Web Application Pentester for daily bread-n-butter. He developed browser fuzzing as hobby 2 years ago and now working on it as second job. He has found many flaws in Internet Explorer 9 & 10. Few of them are as follows
- Microsoft Internet Explorer SmartDispClient Type Confusion Remote Code Execution Vulnerability (CVE-2013-3124)
- Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability (CVE-2013-3125)
- Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability (CVE-2013-3846)
- Microsoft Internet Explorer CFontElement Use-After-Free Remote Code Execution Vulnerability (CVE-2013-3874)
- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-0297)
- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-0309)
- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-1755)
Anil Aphale (@41w4r10r)
Anil Aphale is Security Researcher. He works in threat intelligence organization for food and find various security vulnerabilities in various products for fun. Some of his work includes privilege escalation vulnerability in symantec product, remote code execution vulnerability in f-secure anti virus and multiple use after free vulnerability in chrome, internet explorer browsers. He was speaker at nullcon 2012 and disclosed content sniffing algorithm bypass vulnerability in Internet Explorer.