C3Subtitles: 35c3: From Zero to Zero Day
back

From Zero to Zero Day

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration
00:48:28
Language
English
Abstract
In this talk I will share my story of how in a little over a year, a high school student with almost zero knowledge in security research found his first RCE in Edge.

After starting my BSc in CS and Math I picked up a new hobby: solving coding challenges. The next logical step was to try harder challenges, which lead me to participate in CTF competitions. During these CTFs I found that I’m fascinated by vulnerabilities: finding mistakes or things that developers failed to think through. This is how I started going down the rabbit hole.

Fast forward a year later, I found my first 0-day, a critical RCE in Edge. To understand it, we will review the recent trend of JIT Type Confusion vulnerabilities in ChakraCore. I will talk about the vulnerability I found, explain how I discovered it and show similar vulnerabilities recently found by other researchers. Finally, I will demo a working exploit of this vulnerability.

This session could be helpful both for people interested in getting into the security field, and for experienced security researchers who want to learn more about browser vulnerabilities and exploitation.

Talk ID
9657
Event:
35c3
Day
3
Room
Clarke
Start
11:30 a.m.
Duration
01:00:00
Track
Security
Type of
lecture
Speaker
Jonathan Jacobi
0.0% Checking done0.0%
0.0% Syncing done0.0%
0.0% Transcribing done0.0%
100.0% Nothing done yet100.0%

English: Transcribed until

Last revision: unknown