The Art of WebKit Exploitation
I have just presented my first ever talk, “The Art of WebKit Exploitation” at BSides Delhi 2019 — for those not at the conference, it’s a talk about everything I’ve learnt exploiting the WebKit browser engine.
Preparing and presenting this talk has been an amazing experience for me — and it would not have been possible without the seminal works I’ve had an opportunity to refer to. As promised, here’s a list of everything I’ve read or watched in preparation for this talk.
- Luca Todesco, A Few JSC Tales.
- Wandering Glitch for the Zero Day Initiative, Inverting Your Assumptions: A Guide to JIT.
- LiveOverflow’s WebKit Exploitation Series.
- Niklas Baumstark’s Regex JSC exploit, which also exploits an un-modelled side effect triggered by setting the
lastIndexproperty on a Regex object and acchieves UXSS.
Also, major thanks to Luca for the bug putting up with my incessant barrage of questions.