Fuzzing Javascript Engines for Fun and Pwnage


Web browser security is a hot and important research area. If a web browser is vulnerable, users can be affected by malware without their knowledge, or an attacker can gain control over their machines.

In this presentation, we will introduce methods to find vulnerabilities in the JavaScript engines of web browsers via fuzzing.

We will talk about creating components for the fuzzer and generating JavaScript syntax efficiently. We will also reveal our own crash classification method and parallel fuzzing framework. In addition, we will share some tips for patternizing the results of 1-day case analysis for creating random JavaScript syntax and our custom pattern – L.E.G.O.

If we find an exploitable 0day vulnerability before #HITB2018AMS, we will disclose that too 🙂

Location: Track 1
Date: April 12, 2018
Time: 5:30 pm - 6:30 pm

Areum Lee
Jeonghoon Shin