Advancements in JavaScript Engine Fuzzing

Agenda Events Location & Notice Sponsor Team CoC 中文 Login

Agenda Events Location & Notice Sponsor Team CoC

中文

Agenda

09:00

10:00

10:10

11:00

11:20

12:00

13:00

13:40

14:00

14:40

15:10

15:35

15:50

16:00

16:30

17:20

18:00

Attendant Registration Time

Welcome Speech

English

Red

Exploit Development

Fuzzing

Advancements in JavaScript Engine Fuzzing

Carl Smith

Break

Mandarin

🍊

Red

Exploit Development

A 3-Year Tale of Hacking a Pwn2Own Target: The Attacks, Vendor Evolution, and Lesson Learned

Orange Tsai

English

Red

Communication

How to hijack a VoLTE network

Pavel Novikov

Mandarin

Blue

Crypto

打造公平的遊戲轉蛋：在不洩漏原始碼的前提下驗證虛擬轉蛋的機率

Jing Jie Wang, 李安傑

Lunch

English

Red

Exploit Development

Ghosts of the Past: Classic PHP RCE Bugs in Trend Micro Enterprise Offerings.

Poh Jia Hao

Mandarin

Red

Communication

Reverse Engineering

Decrypting the Secrets of Network Connectivity Devices through Hardware Attacks

Ta-Lun Yen

Mandarin

Red

Exploit Development

BYOVD

Uncovering Kernel Exploits: Exploring Vulnerabilities in AMD's Windows Kernel Drivers

Zeze

Break

Mandarin

Red

Exploit Development

Endpoint Security or End of Security? Exploiting Trend Micro Apex One

Lays, Lynn

English

Red

Electron

ELECTRONizing macOS privacy - a new weapon in your red teaming armory

Wojciech Reguła

Mandarin

Red

Exploit Development

Fuzzing

搭配模糊測試對Linux核心遠端檔案系統進行漏洞挖掘

Pumpkin

Elk on Sesame Street - Cybersecurity Analysis in Action with ELK and BERT

Sheng-Shan Chen, Yuki Hung

Tea Time

Mandarin

Red

BYOVD

LPE

現代內核漏洞戰爭 - 越過所有核心防線的系統/晶片虛實混合戰法

馬聖豪

English

Red

Exploit Development

Electron

Virtual

What You See IS NOT What You Get: Pwning Electron-based Markdown Note-taking Apps

Li Jiantao

協會時間

Allen Own, CK

Break

Lightning Talk

freetsubasa & Hazel, NoBody

Closing

收場

09:00

Attendant Registration Time

10:00

Welcome Speech

10:10

English

Red

Exploit Development

Fuzzing

Advancements in JavaScript Engine Fuzzing

Carl Smith

11:00

Break

11:20

Mandarin

🍊

Red

Exploit Development

A 3-Year Tale of Hacking a Pwn2Own Target: The Attacks, Vendor Evolution, and Lesson Learned

Orange Tsai

English

Red

Communication

How to hijack a VoLTE network

Pavel Novikov

Mandarin

Blue

Crypto

打造公平的遊戲轉蛋：在不洩漏原始碼的前提下驗證虛擬轉蛋的機率

Jing Jie Wang, 李安傑

12:00

Lunch

13:00

English

Red

Exploit Development

Ghosts of the Past: Classic PHP RCE Bugs in Trend Micro Enterprise Offerings.

Poh Jia Hao

Mandarin

Red

Communication

Reverse Engineering

Decrypting the Secrets of Network Connectivity Devices through Hardware Attacks

Ta-Lun Yen

Mandarin

Red

Exploit Development

BYOVD

Uncovering Kernel Exploits: Exploring Vulnerabilities in AMD's Windows Kernel Drivers

Zeze

13:40

Break

14:00

Mandarin

Red

Exploit Development

Endpoint Security or End of Security? Exploiting Trend Micro Apex One

Lays, Lynn

English

Red

Electron

ELECTRONizing macOS privacy - a new weapon in your red teaming armory

Wojciech Reguła

Mandarin

Red

Exploit Development

Fuzzing

搭配模糊測試對Linux核心遠端檔案系統進行漏洞挖掘

Pumpkin

Elk on Sesame Street - Cybersecurity Analysis in Action with ELK and BERT

Sheng-Shan Chen, Yuki Hung

14:40

Tea Time

15:10

Mandarin

Red

BYOVD

LPE

現代內核漏洞戰爭 - 越過所有核心防線的系統/晶片虛實混合戰法

馬聖豪

English

Red

Exploit Development

Electron

Virtual

What You See IS NOT What You Get: Pwning Electron-based Markdown Note-taking Apps

Li Jiantao

協會時間

Allen Own, CK

15:50

Break

16:00

Lightning Talk

freetsubasa & Hazel, NoBody

16:30

Closing

17:20

收場

English

Red

Exploit Development

Fuzzing

Advancements in JavaScript Engine Fuzzing

Instant Q&A Presentation

Site

10:10 ~ 11:00

Sat, Aug 19

Keynote

Type

What’s new in JavaScript engine fuzzing, and what might still be to come? This talk will dive into the unique challenges and opportunities of JavaScript engine fuzzing. For example, while the bugs typically found in modern JavaScript engines often require complex interactions to trigger, the nature of JavaScript also makes it possible to use features like runtime introspection to generate smarter testcases. Various new fuzzing techniques specifically for dynamic language interpreters will be discussed and have been implemented in the open-source fuzzer Fuzzilli. Along the way, some noteworthy bugs will also be presented.

Carl Smith

Carl Smith is a Security Engineer on Google's V8 Security Team. He previously interned at Exodus Intelligence and Google Project Zero. He is interested in fuzzing, compilers and security research. He can be reached on twitter, mastodon and bsky: @cffsmith / [email protected] / @rwx.page.