UsefulLinks
Computer Science
Cybersecurity
Browser Security and Exploitation
1. Introduction to Browser Security
2. Browser Architecture Fundamentals
3. Web Technology Foundations
4. Browser Security Models
5. Vulnerability Classifications
6. Browser Exploitation Methodology
7. Exploitation Primitives and Techniques
8. JavaScript Engine Exploitation
9. DOM and Rendering Engine Exploitation
10. Browser Hardening and Mitigations
11. Vulnerability Research Methods
12. Browser Extensions and Plugin Security
13. Emerging Attack Surfaces
14. Security Analysis Tools
6.
Browser Exploitation Methodology
6.1.
Initial Code Execution
6.1.1.
Vulnerability Triggering
6.1.1.1.
Input Vector Identification
6.1.1.2.
Exploit Payload Delivery
6.1.1.3.
Reliability Improvement
6.1.2.
Control Flow Hijacking
6.1.2.1.
Instruction Pointer Control
6.1.2.2.
Return Address Overwrite
6.1.2.3.
Virtual Function Table Corruption
6.1.3.
Shellcode Execution
6.1.3.1.
Shellcode Development
6.1.3.2.
Payload Encoding
6.1.3.3.
Environment Constraints
6.2.
Mitigation Bypass Techniques
6.2.1.
Address Space Layout Randomization Bypass
6.2.1.1.
Information Leak Exploitation
6.2.1.2.
Heap Spray Techniques
6.2.1.3.
Partial ASLR Bypass
6.2.2.
Data Execution Prevention Bypass
6.2.2.1.
Return-Oriented Programming
6.2.2.2.
Jump-Oriented Programming
6.2.2.3.
JIT Code Reuse
6.2.3.
Control Flow Integrity Bypass
6.2.3.1.
CFI Policy Violations
6.2.3.2.
Indirect Call Target Manipulation
6.2.3.3.
Virtual Function Exploitation
6.2.4.
Stack Protection Bypass
6.2.4.1.
Stack Canary Bypass
6.2.4.2.
Exception Handler Corruption
6.2.4.3.
Thread Local Storage Manipulation
6.3.
Sandbox Escape Techniques
6.3.1.
Kernel Exploitation
6.3.1.1.
Kernel Vulnerability Discovery
6.3.1.2.
Privilege Escalation Exploits
6.3.1.3.
Kernel Address Space Layout Randomization Bypass
6.3.2.
IPC Channel Abuse
6.3.2.1.
Message Forgery
6.3.2.2.
Deserialization Attacks
6.3.2.3.
Broker Process Exploitation
6.3.3.
Hardware Abstraction Layer Exploitation
6.3.3.1.
Device Driver Vulnerabilities
6.3.3.2.
Hardware Interface Abuse
Previous
5. Vulnerability Classifications
Go to top
Next
7. Exploitation Primitives and Techniques