What is a Browser Security Sandbox?! (Learn to Hack Firefox)

Описание к видео What is a Browser Security Sandbox?! (Learn to Hack Firefox)

It's surprisingly easy to do security research on Firefox trying to find sandbox escapes. You should give it a try!

Long video version (stream Q&A):    • Examining JavaScript Inter-Process Co...  

The Original Article: https://blog.mozilla.org/attack-and-d...
Fuzzing IPC: https://blog.mozilla.org/attack-and-d...
Mozilla Bug Bounty: https://www.mozilla.org/en-US/securit...

00:00 - Intro
01:44 - What is a Process Sandbox?
03:04 - How to Implement a Sandbox?
03:43 - Introducing Inter Process Communication (IPC)
05:17 - Why Browsers Need a Complex Sandbox Architecture
07:19 - Browser Exploitation requires Sandbox Escape
08:42 - Strategy 1: OS Sandbox Implementation Bypass
08:59 - Strategy 2: Attacking the IPC Implementation Layer
09:48 - Strategy 3: IPC Logic Bugs
10:10 - HTML/JS Components in Firefox
11:21 - IPC Messages Implemented in JavaScript
11:58 - Setting Up Firefox Nightly For Debugging
13:20 - alert() IPC Message Handler
14:04 - IPC Message Sender
15:21 - Send Malicious IPC Messages
16:12 - CVE-2019-11708 Prompt:Open Sandbox Escape
17:13 - Outro

=[ ❤️ Support ]=

→ per Video:   / liveoverflow  
→ per Month:    / @liveoverflow  

=[ 🐕 Social ]=

→ Twitter:   / liveoverflow  
→ Website: https://liveoverflow.com/
→ Subreddit:   / liveoverflow  
→ Facebook:   / liveoverflow  

Комментарии

Информация по комментариям в разработке