Results

[Recorded Session]
For over a decade, it has been known that formal verification workflows are sufficient to create software that is free of exploitable bugs. It also appears to be necessary. AI systems are increasing rapidly in their ability to assist in these workflows, and to make them accessible to increasingly less specialist engineers. While AI can also assist with many other workflows, formal verification in some form still seems to be necessary to make AI reliable enough to provide a net benefit to cybersecurity. AI could also be used to formally verify at other levels of abstraction than functional correctness, from the concurrency of distributed systems down to the electromagnetics of the hardware. In a small number of years, this will vastly expand the scope of what can be considered “practical” to formally verify, and most forms of cyberattack will become history. At the same time, formal verification and cybersecurity have crucial roles to play in ensuring and assuring that increasingly powerful AI systems do not go rogue and cause a global catastrophe. Our future could be bright, but our communities need to work together.

The integration of AI features into web browsers are useful for users, but how about for attackers?
In this talk, I will explain the security implications of integrating the AI-powered Edge Copilot into the Microsoft Edge browser, by showcasing multiple vulnerabilities I discovered. Such as stealing content of any site, accessing microphone and camera permissions without user's permission, and so on.
This talk also highlights the interesting integration of a relatively secure system (Edge) with an insecure system (Bing), and how a mitigation enforced by a secure system can be circumvented using an insecure system. Additionally, I will demonstrate how LLM-specific exfiltration techniques can be employed to bypass traditional security mitigations.

Over the past few decades, the attack surface in in-the-wild vulnerabilities has gradually shifted from Win32k to CLFS. Microsoft has been consistently and actively patching these vulnerabilities. Who might become the next target? Last year, MSKSSRV became a hot target for hackers. However, it is just a part of the Kernel Streaming.
In this presentation, we are going to reveal the long-overlooked attack surface for privilege escalation in the Windows Kernel, which we exploited to identify over 20 vulnerabilities in just a few months. Our successful Windows LPE at Pwn2Own Vancouver 2024 was actually one of these vulnerabilities, and it was just the tip of the iceberg. That also allows us to compromise across systems from Windows 7 to Windows 11. Additionally, we delve into a novel proxy-based logical bug class used at Pwn2Own that enables us to pivot ourselves into the kernel to ignore most validations. Meanwhile, we will demonstrate how this kind of bug class can lead to severe consequences, making exploitation straightforward.
Through this talk, we'll share our discovery of this attack surface and the bug class, providing some case studies on the power and elegance of this type of vulnerability. We'll also introduce techniques for identifying and exploring similar vulnerability patterns, empowering attendees to discover and mitigate future security issues in the Windows ecosystem.

Game consoles are among the most locked-down consumer devices on the market. There is also much interest in trying to defeat these protections. To combat this, console manufacturers invest heavily in security and offer monetary rewards for disclosing vulnerabilities.
In this talk, I will show how I broke the TLS network encryption of the PlayStation consoles and claimed the highest available reward, $50'000, for critical vulnerabilities in the consoles. This also caused Sony to push a forced update on all PlayStation consoles globally.
This vulnerability allows an attacker to silently decrypt the PlayStation network traffic to steal sensitive user information or access game data such as enemy locations. The traffic can also be modified to give an unfair advantage in online games or target the console with further attacks.
Vulnerabilities in TLS implementations are especially dangerous as it is usually the only layer of protection for network communication and is relied on everywhere. Proper security testing has also been hard without suitable tools. Last year, I released a tool called `certmitm` that I used to find this and hundreds of other vulnerabilities. With certmitm, security testing TLS implementations against common vulnerabilities is effortless, and it is a must-have tool for network penetration testing.

To identify a few unique binaries even worth the effort for human experts to analyze from large-scale samples, filter techniques for excluding those highly duplicated program files are essential to reduce the human cost within a restricted period of incident response, such as auto-sandbox emulation or AI detection engine. As VirusTotal reported in 2021 ~90% of 1.5 billion samples are duplicated but still require malware experts to verify due to obfuscation.
In this work, we proposed a novel neural-network-based symbolic execution LLM, CuIDA, to simulate the analysis strategies of human experts, such as taint analysis of the Use-define chain among unknown API calls. Our method can automatically capture the contextual comprehension of API and successfully uncover those obfuscated behaviors in the most challenging detection dilemma including (a.) dynamic API solver, (b.) shellcode behavior inference, and (c.) commercial packers detection WITHOUT unpacking.

Automatic Train Stop (ATS) systems are extensively deployed worldwide, utilizing various approaches tailored to regional and national technologies and integrating legacy systems established decades ago. In this session, we will explore the vulnerabilities within these systems, focusing on Japanese ATS and European counterparts, particularly the Spanish ASFA system, through a live demonstration. We will examine the potential for exploitation by analyzing the internal mechanisms and demonstrate how decoy devices, constructed with inexpensive components, can manipulate train operations by generating rogue signals.

Red Teams are the sparring partner of a mature security organization. Used correctly, they can prevent incidents, increase response times for defenders, and help to improve the overall security posture of products, systems, and entire organizations. By simulating real adversaries based on real-world threat intelligence, they provide a unique opportunity to see the world through an enemy's eyes. To practice in a calm and safe environment what needs to be done quickly and decisive when a real incident occurs.
Building, maintaining, and growing a red team presents a lot of interesting challenges. From more obvious ones, such as picking the most relevant threat actors to simulate, to more subtle ones, such as maintaining implants and other delicate tooling safely, or how to communicate highly technical findings with high level executives and stakeholders effectively.
In this presentation, we will take a closer look at these challenges, what makes them hard, and how to approach solving them based on case studies from my own team at Google, and from conversations with many teams across the globe we had the privilege of supporting in building their internal red teams.

Google has been building Pixel phones based on the Google Tensor series System-on-a Chip (SoC) since the Pixel 6 but not many details about its security architecture and how it enables us to build secure Android devices have been publicly presented. While some of Pixel’s security components, most notably the Titan M2 security chip, have received attention from both independent security researchers and Google’s internal Red Team, a complete picture of how Pixel’s security hardware works together with the software stack that powers a modern Android device has not been presented.
This talk will give an overview of Pixel’s security architecture, starting from the main security features and components of the Google Tensor G4 SoC, introduce the trusted software running on the Tensor Security Core (TSC) and Titan M2, and then give some details on recent security hardening and audit efforts. We will then describe how the software running in the Trusted Execution Environment (TEE), TSC, and Titan M2 enable the secure implementation of key Android security features: Android Verified Boot (AVB), StrongBox (secure user authentication and key management), and File-Based Encryption (FBE) with hardware-wrapped keys.
This talk will show that building a secure mobile device requires close cooperation between hardware and software, a continuous feedback loop between the twoIt requires a design and implementation process that spans multiple layers from SoC to High-Level Operating System (HLOS, Android for Pixel). We will provide a short introduction to each security feature or component discussed before going into details, but basic familiarity with modern mobile devices and Android is assumed.
This talk will present a detailed look at Pixel’s hardware and software security architecture, including efforts on audit, SDLC, and hardening. We expect that the presented security architecture, SDLC, and details about hardening, would be beneficial to a broad audience: manufacturers and engineers designing and building mobile or IoT devices, security engineers working to secure those devices, and highly-technical end users who want to better understand the security architecture of their Android device.
Key takeaways from this talk:
- Modern ARM SoCs provide fundamental security, isolation and mitigation features, but some fundamental security use cases require stronger isolation or discrete hardware.
- Secure design for modern mobile devices spans multiple hardware layers, from SoC to HLOS.
- Building hardware-agnostic abstractions (hardware abstraction layers, HALs) for security
features allows taking advantage of hardware-backed security when available, and graceful fallback without changing the overall architecture.

Malware authors often employ anti-debugging techniques to obstruct analysis.
When executed on a debugger, the malware detects the debugger and either stops its subsequent actions or behaves differently than usual, making analysis difficult.
The number of anti-debugging implementations varies with each malware.
Notably, malware spread through mass-mailing campaigns that affect many organizations,
and popular ransomware has been confirmed to possess multiple anti-debugging techniques.
For example, anti-debugging techniques include VM detection, which checks for a debugging environment,
detection of Breakpoints (which temporarily pause program execution during debugging),
and time difference detection, which utilizes the difference in execution time when analyzing malware with a debugger.
`AntiDebugSeeker` is an open-source plugin for the binary analysis tools IDA and Ghidra, which are frequently utilized by analysts.
It streamlines the malware analysis process by automatically identifying the anti-debugging techniques embedded within Windows malware.
Code with anti-debug capabilities often overlaps with techniques used for anti-analysis, as well as with the preparatory steps for process injection, which are frequently employed by malware.
Therefore, by flexibly customizing the detection rules, it is possible not only to identify anti-debugging features but also to understand the functionalities of the malware.
Furthermore, the tool also provides functionalities to explain these anti-debugging measures and approaches to the corresponding functions.
This enhances the analyst's ability to understand and counteract the malware's evasion techniques effectively, offering a more comprehensive understanding and response strategy against such threats.
In this presentation, we will demonstrate malware analysis and explain how to use the tool's features, providing a practical understanding of how these features can be applied in actual threat scenarios.

Retrieval-Augmented Generation (RAG) systems enhance Large Language Models (LLMs) by integrating retrieval mechanisms with their reasoning capabilities, enabling responses beyond their training data. However, the robustness of RAG systems remains an open question: Is our RAG system robust enough to avoid giving harmful or useless responses under various attacks?
This work explores the extensive attack surfaces of RAG systems, focusing on how attackers can manipulate either the retrieval phase or the LLM generation phase. For instance, attackers might obfuscate knowledge to mislead the retriever, causing LLMs to generate incorrect answers, or exploit LLMs' preferences to reference poisoned information. Beyond incorrect answers, we demonstrate how attackers can deliver malicious instructions, such as disguising phishing links as reference links. In scenarios involving function calling, these techniques could potentially lead to remote code execution (RCE).
To address these threats, we introduce “BullyRAG,” the first open-source comprehensive framework for assessing RAG robustness. BullyRAG targets three main attack objectives: provide misinformation, lure into executing malicious instructions, and RCE. It includes over 10 attack techniques (e.g., invisible control character obfuscation and preference specialization), supports two RAG usage scenarios (question answering and function calling), and integrates with three inference engines (Hugging Face, Llama Cpp, and OpenAPI).
For an accurate evaluation, we also present a novel, auto-updating dataset sourced from ArXiv and news articles, ensuring it remains current and relevant while being excluded from any language model's training data.
At the end, We will use BullyRAG to showcase the evaluation results of many powerful LLMs, aiming to provide an additional measurement perspective beyond accuracy when selecting models.
In conclusion, our research addresses critical aspects of RAG systems by uncovering vulnerabilities, providing a flexible evaluation framework, and offering an up-to-date dataset for comprehensive evaluation purposes, thereby enhancing the robustness of RAG systems.

Echidna is a tool designed to support teams or beginners in conducting penetration testing.
While there are many tools available to assist or automate penetration testing, mastering them requires knowledge of numerous commands and techniques, making it challenging for beginners to learn and carry out penetration testing. Furthermore, when conducting penetration tests in a team, each member tends to work independently, which can lead to duplication of work and lack of visibility of progress for managers and beginners.
Therefore, I developed Echidna, which visualizes and shares the terminal console of penetration testers, and recommends the next command based on each situation. Echidna allows us to attack machines with just clicks, making it possible even for students and beginners to learn attack methods.
This tool has two types: the web application Echidna and the iPad application EchidnaTermApp, which is specifically designed for personal use. In the demo session, I will mainly introduce the newly implemented EchidnaTermApp, which features improved usability, functionality, and performance.

ETW (Event Tracing for Windows) is a feature of Windows OS that aggregates and records events related to the operations of applications and drivers. It is widely used for log management and security monitoring. However, in recent security incident investigations, logs recorded in the Event Log alone are often insufficient to provide adequate information. Therefore, there is a growing demand for mechanisms that can record more detailed information on Windows OS.
ETW has the potential to record more activities than the Event Log and is used for monitoring by many EDR products. On the other hand, attackers are incorporating functions to bypass ETW into malware to evade EDR products.
This session will provide a detailed explanation of incident response techniques using ETW and methods to bypass ETW functions. The presentation will first explain the mechanism of ETW, file formats, and ETW structures. Then, methods to detect malicious activities as well as forensic techniques using ETW will be introduced. In addition, current ETW bypass methods used in malware will also be explained. Finally, the session will cover methods to protect systems from ETW bypass techniques and introduce tools that the speakers have developed for incident response using ETW.

This presentation highlights the indispensable role of SOCs in modern cybersecurity by demonstrating their ability to address complex threat landscapes that traditional security tools cannot, and provides practical tools to enhance SOC effectiveness. By sharing insights into contemporary challenges and offering actionable tools, this presentation aims to empower the cybersecurity community to improve SOC operations and better protect enterprise environments. Additionally, I seek to initiate a discussion not just about the goals and objectives of modern SOCs, but about effective solutions (also offering some tools/PoCs) to the current problems facing the cybersecurity industry.

In this session evilmog a member of Team Hashcat will demonstrate the NTLMv1 multi-tool and the reversion of NTLMv1 challenge responses to NTLM by cracking DES keys.

For over a decade, it has been known that formal verification workflows are sufficient to create software that is free of exploitable bugs.

It also appears to be necessary.

AI systems are increasing rapidly in their ability to assist in these workflows, and to make them accessible to increasingly less specialist engineers.

While AI can also assist with many other workflows, formal verification in some form still seems to be necessary to make AI reliable enough to provide a net benefit to cybersecurity.

AI could also be used to formally verify at other levels of abstraction than functional correctness, from the concurrency of distributed systems down to the electromagnetics of the hardware.

In a small number of years, this will vastly expand the scope of what can be considered “practical” to formally verify, and most forms of cyberattack will become history.

At the same time, formal verification and cybersecurity have crucial roles to play in ensuring and assuring that increasingly powerful AI systems do not go rogue and cause a global catastrophe.

Our future could be bright, but our communities need to work together.

The OSS-Fuzz project, launched by Google in 2016, has discovered over 36,000 software bugs as of August 2023. This project primarily utilizes a technique called “fuzzing,” which is an automated bug detection technology. Although fuzzing is often referred to as an automatic bug detection technique, several manual tasks are required to actually perform fuzzing. These tasks include creating a harness (a program that calls the target software), generating fuzzing binaries, adjusting command-line arguments, and preparing initial seeds. Especially when fuzzing multiple different software programs, these tasks become obstacles (factors hindering automation) that prevent the entire fuzzing workflow from being fully automated. As a result, it becomes difficult to efficiently perform fuzzing across a wide variety of software.
We have developed a system called PkgFuzz, which addresses these obstacles and automates the entire fuzzing workflow. PkgFuzz monitors the build process of software packages and selects packages that can be fuzzed. At the same time, it collects the necessary information for fuzzing. In this presentation, we will introduce the fuzzing campaign called the PkgFuzz Project, which utilized PkgFuzz. In the PkgFuzz Project, we conducted a fuzzing campaign on the Debian packages of Ubuntu 23.10, which includes a wide variety of software. Without human intervention, we obtained 64,658 crashes from 265 packages. Upon further investigation, we discovered four vulnerabilities that could be exploited in attacks. We reported these vulnerabilities to the Information-Technology Promotion Agency (IPA), which resulted in the issuance of three advisories and the assignment of CVEs.

Over the past few decades, the attack surface in in-the-wild vulnerabilities has gradually shifted from Win32k to CLFS. Microsoft has been consistently and actively patching these vulnerabilities. Who might become the next target? Last year, MSKSSRV became a hot target for hackers. However, it is just a part of the Kernel Streaming.

In this presentation, we are going to reveal the long-overlooked attack surface for privilege escalation in the Windows Kernel, which we exploited to identify over 20 vulnerabilities in just a few months. Our successful Windows LPE at Pwn2Own Vancouver 2024 was actually one of these vulnerabilities, and it was just the tip of the iceberg. That also allows us to compromise across systems from Windows 7 to Windows 11. Additionally, we delve into a novel proxy-based logical bug class used at Pwn2Own that enables us to pivot ourselves into the kernel to ignore most validations. Meanwhile, we will demonstrate how this kind of bug class can lead to severe consequences, making exploitation straightforward.

Through this talk, we’ll share our discovery of this attack surface and the bug class, providing some case studies on the power and elegance of this type of vulnerability. We’ll also introduce techniques for identifying and exploring similar vulnerability patterns, empowering attendees to discover and mitigate future security issues in the Windows ecosystem.

As we approach the largest election year in history, 2024 is already shadowed by China’s influence operations (IO) aiming to destabilize the democratic systems. Since 2023, Chinese threat actors have launched multiple IO campaigns targeting elections, including an evolving tactic that merges the hack-and-leak with IO campaigns.

In the first part of the presentation, we will introduce Chinese threat actors’ newly developed tactics, specifically the combination of hack-and-leak tactics with IO campaigns. We will elaborate on how China learned and advanced Russia’s playbook to influence the election with asserted leaked documents within our real-world case study from the 2024 Taiwan presidential election.

At the same time, the proliferation of generative artificial intelligence (AI) technology has enhanced threat actors’ capability. In the second part of the presentation, we will demonstrate how Chinese threat actors apply AI for such hack-and-leak and IO campaigns. The integration of AI, hack-and-leak, and IO allows the threat actors to create disinformation that targets broader audiences with ease.

As billions of people are heading to vote in the rest of 2024, including the critical U.S. presidential election in November, the stakes have never been higher. Alarmingly, with the enhanced capability, Chinese threat actors have expanded their target scope from presidential candidates to include legislators. The expansion serves as a dire warning as individual legislators often lack the resources to defend against influence operations. We will conclude the presentation by providing mitigation strategies and policy recommendations aiming to counter the threat at an early stage.

[Recorded Session]

The idea of knowing what is in our software went from a radical idea to the popular buzzword of “SBOM”. But where is Software Bill of Materials going, and how will it interact with other movements in security, particularly around government policy and regulation? This talk will review where SBOM came from, and how it became a global community, then explicitly aggressive current gaps, and how the community is working to address them. But SBOM alone will, of course, not solve all our problems. Before SBOM, we need more Coordinated Vulnerability Disclosure (CVD). Once we have SBOM, we need good quality vulnerability data, including the new CVE standards, and better software identifiers. And to prevent being overwhelmed, we need the Vulnerability Exploitability eXchange (VEX) and machine readable advisories, for both proprietary and open source software. See the whole map for better planning around the future of software security and response.

Ransomware groups have become notably proficient at wreaking havoc across various sectors , but we can turn the tables. However, a less explored avenue in the fight against these digital adversaries lies in the proactive offense against their web panels. In this presentation, I will delve into the strategies and methodologies for infiltrating and commandeering the web panels used by ransomware groups to manage their malicious operations or the APIs used during their initial exfiltration of data.

I will demonstrate how to leverage these vulnerabilities to gain unauthorized access to the ransomware groups’ web panels. This access not only disrupts their operations but also opens a window to gather intelligence and potentially identify the operators behind those APTs. Let’s explore the frontiers of cyber offense, targeting the very command and control (C2) centers ransomware groups rely on, turning the tables in our ongoing battle against cyber threats,it’s our turn to wreack havoc.

In today’s digital landscape, phishing attacks conducted through official chat functionalities in web and mobile applications pose a significant threat. Understanding and countering these threats are paramount to safeguarding users and platforms alike. This presentation delves into a personal account of receiving two suspicious chat messages, triggering an investigation into a widespread phishing campaign.

The curiosity and concern sparked by the suspicious messages prompted a deeper dive into the nature and extent of the phishing campaign. The investigation revealed critical insights into the tactics, targets, and methods employed by the attackers, particularly within the travel industry. Additionally, the discovery of an InfoStealer malware attack shed light on the theft of valuable customer information from official travel accounts.

As the phishing campaign expanded its scope to target e-commerce platforms, the tactics adapted while retaining distinct similarities. Further exploration uncovered findings related to other platforms targeted by similar phishing attacks, underscoring the campaign’s broad impact.

A detailed source code analysis of the phishing platform unveiled its capabilities, including the targets that are majority European countries (including Italian speakers), the generation of convincing phishing pages, integration with chat functionality, and verification mechanisms for transactions. The platform’s integration with Telegram and the presence of multiple operators shed light on its underlying business model and operational strategies.

Discoveries indicated that the phishing platform likely serves as the management platform for the Telekopye Telegram scam, revealing interconnected networks and motives underlying these attacks.

Practical recommendations are provided for users, merchants, and platform security engineers to enhance security posture and mitigate the risk of falling victim to phishing attacks. Emphasizing ongoing vigilance and collaboration, this presentation concludes by summarizing key findings and insights gained from the investigation.

While theoretical NFC relay attacks have been discussed for years, real-world attacks remain rare – especially successful ones. Dive with us into NGate, the first publicly known, in-the-wild, Android malware that used an NFC relay attack to facilitate remote ATM withdrawals, and successfully stole thousands from victims in Czechia early in 2024 – with a little help from social engineering and phishing. These attacks started in Czechia in November 2023. Initially, the attackers took advantage of progressive web apps (PWAs), which are essentially websites that function like mobile apps. They then advanced their tactics by using a more complex form of PWAs called WebAPKs. This progression led to the final step of their attack: distribution of the NGate malware. To spice things up, we’ll delve into NFCGate, the legitimate, open-source, NFC research toolkit that the NGate malware is based on, and explain two additional attack scenarios that can be achieved using the same tooling. During our presentation, we will demonstrate NFC attacks against contactless payments, and NFC token cloning. We will show how attackers can use a smartphone to scan contactless cards in public places, enabling them to make payments simultaneously at a remote terminal. Additionally, we will demonstrate how an attacker can clone the UID of MIFARE Classic 1k NFC contactless smartcards to gain access to restricted areas.

Recently, the Snowflake Campaign has emerged as a significant security incident, exposing sensitive data of over 165 customers.

This breach has highlighted critical problems in cloud data platforms and underscored the need for robust security measures. In this talk, we will dissect how we learned of the Snowflake Campaign, exploring how the attackers gained access, how they could exfiltrate information, and the steps organizations can take to mitigate such threats. Attendees will gain insights into the anatomy of the breach, the importance of Cloud and SaaS visibility in identifying and responding to such incidents, and practical detection strategies to enhance their cloud security capabilities.

Notably, we were the first to go public with this breach, emphasizing the critical need for timely and transparent communication in the cybersecurity community. This session will provide attendees with actionable detection suggestions, essential for security professionals seeking to understand the new and evolving landscape of SaaS security threats and how to defend against them.

As the dominant platform for desktops ranging from individual users to industrial applications, Windows OS relies heavily on robust driver operations. Our presentation introduces MS-Fuzzer, a sophisticated tool that leverages Symbolic Execution and Kernel Fuzzing to systematically uncover vulnerabilities in Windows Drivers.

Windows Drivers commonly interact with the user through IOCTL (Input Output Control) codes, each with specific constraints like InBufferLength and OutBufferLength. Analyzing multiple IOCTL codes is a meticulous task due to their sheer number and complexity. We utilize Angr-based Symbolic Execution to automate the analysis of each IOCTL code’s constraints. This automation significantly reduces manual effort and enhances code coverage during fuzzing processes.

Additionally, built-in drivers require custom fuzzing harnesses. We will discuss efficient strategies to produce these harnesses, highlighting their role in identifying vulnerabilities. During our one-month analysis, several drivers, such as ‘usbprint’, were found to contain vulnerabilities. We will present a case study detailing the methods used to discover these vulnerabilities.

Over a span of 100 days, our efforts led to the discovery of 100 vulnerabilities. We cataloged 21 CVEs and 10 KVEs (Korean CVEs) involving key vendors like Microsoft, AMD, Siemens, MSI, Mitsubish and antivirus companies including Sophos. Selected cases of significant interest to the security research community will be showcased.

In support of ongoing security research, we commit to releasing all utilized tools, proof-of-concept examples for major vulnerabilities (subject to NDA terms), and sample code for fuzzing harnesses as open-source resources available at https://github.com/0dayResearchLab/msFuzz.

This session aims to illuminate the operational principles of Windows Kernel Drivers and provide a comprehensive guide for the security research community in discovering vulnerabilities in Windows drivers.

Browsers are a complex piece of software with multiple components integrated together. Every one of these components, as well as the integration layers between them, are potential sources of bugs. However, not all bugs are equal - exploitability of the initial bug is sometimes questionable, and mitigation bypasses are often required to obtain fully arbitrary code execution even within the renderer. In Chrome this mitigation is known as the V8 Sandbox, which attempts to prevent any memory corruption within the V8 Sandbox region from affecting any other memory region. This makes exploiting the initial bug to a fully arbitrary code execution much more challenging… or so was considered as such.

In this talk, I demonstrate how WebAssembly still serve as a great attack vector that provide troves of both the initial bug and V8 Sandbox bypass. I first share the story behind finding a WASM bug in V8 through variant analysis and exploiting it at TyphoonPWN 2024, and show how fixing this bug revealed another stunningly simple variant-of-a-variant bug exploited in v8CTF. I also introduce another bug in WASM TurboFan compiler caused by an innocent typo, and show how analyzing a seemingly unexploitable bug can reveal significant exploitability in some configurations and platforms. I continue on to a massive list of 10+ V8 Sandbox bypasses in WASM, opening up a whole new paradigm of bypass techniques that require significant efforts to fully patch. This research, while spanning over only a short period of approximately 2 months, enabled me to win multiple hacking competitions and VRPs for a total of $250K+.

Throughout the talk, I provide both the big picture and detailed technical walkthrough on finding bugs in Chrome’s WASM implementation and exploiting them in the modern Chrome environment. I challenge the common misconception that “browser bugs are hard”, whereas quite a few of them can be found and exploited without breaking a sweat. The talk will conclude with a sneak peek of future works on WASM implementation in other major browsers and a demonstration of the exploits.