Practical Web Browser Fuzzing
Patrick Ventuzelo & Tanguy Duhamel

Dates

12th-15th of May 2025

Capacity

20

Price

4.800€

Overview

Web browsers are among the most widely used and essential software globally. With millions of lines of code, they manage, sanitize, and interpret various types of untrusted web data. Given the complexity of these systems, which involve compilers, interpreters, and parsing libraries, it is inevitable that developers will introduce bugs. 

This training will focus on applying various fuzzing techniques to uncover critical vulnerabilities in different web browser implementations.

The course will start by providing you with the necessary background to understand modern web browser architecture and key components. You will then explore a straightforward testing environment designed for replaying, debugging, minimizing, and analyzing existing issues, CVEs, and PoCs. Through dedicated modules, you will learn to fuzz essential browser components like the DOM, JavaScript engines, JIT compilers, WebAssembly, and IPC. You will gain experience using well-known tools (such as Honggfuzz, Domato, Dharma, Fuzzilli, AFL++) and creating custom fuzzers to apply various techniques (coverage-guided, grammar-based, in-process fuzzing) to rediscover known vulnerabilities and potentially identify new ones.

This hands-on training focuses on real-world use cases and applies to Google Chrome, Firefox, and WebKit/JSC, ensuring you gain practical expertise. 

Topics Covered

Module 1: Browser Internals and Fuzzing Basics

  • Introduction to fuzzing
  • Modern browser architecture & major components
  • Setting up a testing and debugging environment
  • Compile and explore famous browser codebases
  • Fuzzing web browsers fundamentals
  • Improving your fuzzing workflow & automation

Module 2: Fuzzing DOM & Rendering engines

  • Introduction to the rendering engine
  • HTML/CSS/XML parsing
  • Analysis of existing CVEs, issues, and PoCs
  • Blink, Gecko & WebKit fuzzing
  • DOM rendering & implementation
  • Fuzzing DOM using grammar-based fuzzing

Module 3: Fuzzing JavaScript Engines & JIT Compilers

  • JavaScript engine internals & APIs
  • Memory management and garbage collection
  • Analysis of existing CVEs, issues, and PoCs
  • V8, SpiderMonkey & JavaScriptCore fuzzing
  • JIT compilers internals
  • TurboFan and IonMonkey fuzzing

Module 4: Fuzzing WebAssembly Compilers & APIs

  • Introduction to WebAssembly
  • VM architecture & implementation
  • Analysis of existing CVEs, issues, and PoCs
  • Fuzzing WebAssembly JavaScript APIs
  • WebAssembly compilers internals
  • WebAssembly In-process fuzzing

Module 5: Fuzzing IPC and other Components

  • Inter-Process Communication (IPC) internals
  • Analysis of existing CVEs, issues, and PoCs
  • Fuzzing Chrome Mojo/Legacy IPC
  • Discovery of other components' implementation
  • Networking/Data Persistence APIs
  • Fuzzing media and other plugins 

Prerequisite Knowledge

  • Familiarity with scripting (Python, Bash)
  • Basic understanding of Linux

Required Hardware and Software

  • Laptop capable of running virtual machines
  • Minimum 8GB RAM and 80GB free hard disk space
  • VirtualBox installed
  • Administrator/root/USB access

Schedule

  • Day 1
    • Morning: Browser Internals and Fuzzing Basics (Module 1)
    • Afternoon: Fuzzing DOM & Rendering Engines (Module 2)
  • Day 2
    • Morning: Fuzzing DOM & Rendering Engines (Module 2)
    • Afternoon: Fuzzing JavaScript Engines & JIT Compilers (Module 3)
  • Day 3
    • Morning: Fuzzing JavaScript Engines & JIT Compilers (Module 3)
    • Afternoon: Fuzzing WebAssembly Compilers & APIs (Module 4)
  • Day 4
    • Morning: Fuzzing WebAssembly Compilers & APIs (Module 4)
    • Afternoon: Fuzzing IPC and Other Components (Module 5)

Bio

Patrick Ventuzelo is a senior security researcher, CEO & founder of Fuzzinglabs. After working for the French Ministry of Defense, he specialized in fuzzing, vulnerability research, and reverse engineering. Over the years, Patrick has created multiple fuzzers, found hundreds of bugs, and published various blog posts/videos/tools on topics like Rust, Go, Blockchain, WebAssembly, and Browser security. Patrick is a regular speaker and trainer at various security conferences around the globe, including BlackHat USA, OffensiveCon, REcon, RingZer0, PoC, ToorCon, hack.lu, NorthSec, SSTIC, and others.
Tanguy Duhamel is the Lead Developer on FuzzingLabs' distributed fuzzing platform, collaborating with Patrick Ventuzelo on code auditing, fuzzer development, and security research. His research focuses on advancing distributed fuzzing techniques to improve software security, with a strong foundation in Rust for building high-performance tools.