hoseok Lee
The team leader of EQST Lab in SK Shieldus,
Executive Manager of the Ransomware Response Center (KARA-Korean Anti Ransomware Alliance)
- Researching on new vulnerabilities and Identifying of Cybersecurity Trends
- Managing Cybersecurity Consulting Projects
- Delivered Various presentations on attack threats and ransomware trends
- https://x.com/EQSTLab
- https://www.skshieldus.com/eng/business/insight.do
Session
Many Chrome exploits can lead to execution of remote code and most of these exploits started out with a vulnerability in V8. So, many Experts dive into bug bounty to find potentially exploitable vulnerabilities. But, there is a significant lack of publicly available analysis guides for beginners to start, and it is challenging to analyze the technical meanings using only documents.
We will share the detailed steps needed for beginners who have yet to experience about V8 exploits. First, we describe the detailed structure (memory, object, etc.) and mechanism. Furthermore, we explore bugs via d8 debugger and explain step-by-step how to write exploit code.
The audience will have the opportunity to learn and experience V8 exploit techniques by not only studying the theory but also analyzing the V8 engine through hands-on training. The hands-on training will be conducted through our VDI environment, therefore the audience can access and enjoy it freely with their personal laptops without setting up a practice environment.
※ The audience will be able to enjoy interesting and valuable training in a comfortable practice environment.
We hope that this workshop will encourage many beginners to dive into V8 vulnerability research.