Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/security-prince/Browser-Security-Research

Resources for Browser Security Research

browser-exploitation browser-security

README

# Browser Security Research
### Resources for Browser Security Research

#### Resources/Blogs
* [How Browsers Work: Behind the scenes of modern web browsers](https://www.html5rocks.com/en/tutorials/internals/howbrowserswork/)
* [Inside look at modern web browser (part 1)](https://developers.google.com/web/updates/2018/09/inside-browser-part1)
* [Inside look at modern web browser (part 2)](https://developers.google.com/web/updates/2018/09/inside-browser-part2)
* [Inside look at modern web browser (part 3)](https://developers.google.com/web/updates/2018/09/inside-browser-part3)
* [Inside look at modern web browser (part 4)](https://developers.google.com/web/updates/2018/09/inside-browser-part4)
* [Document Object Model (DOM)](https://developer.mozilla.org/en-US/docs/Web/API/Document_Object_Model)
* [Understanding Web Security Checks in Firefox (Part 1)](https://blog.mozilla.org/attack-and-defense/2020/06/10/understanding-web-security-checks-in-firefox-part-1/)
* [Understanding Web Security Checks in Firefox (Part 2)](https://blog.mozilla.org/attack-and-defense/2020/08/05/understanding-web-security-checks-in-firefox-part-2/)
* [Towards native security defenses for the web ecosystem](https://security.googleblog.com/2020/07/towards-native-security-defenses-for.html)
* [javascript.info](https://javascript.info/)
* [javascript.info (video playlist)](https://www.youtube.com/playlist?list=PLMYcQvDS3E8EUGASNKYAZ_p3bR6WBbATq)
* [The Same-Origin Policy Gone Wild](https://parsiya.net/blog/2020-11-01-the-same-origin-policy-gone-wild/)
* [From SVG and back, yet another mutation XSS via namespace confusion for DOMPurify < 2.2.2 bypass](https://vovohelo.medium.com/from-svg-and-back-yet-another-mutation-xss-via-namespace-confusion-for-dompurify-2-2-2-bypass-5d9ae8b1878f)
* [Securitum Research](https://research.securitum.com/)
* [The Hacker Blog](https://thehackerblog.com/)
* [Jorge Lajara's posts on XSS](https://jlajara.gitlab.io/web.html)
* [The Great DOM Fuzz-off of 2017](https://googleprojectzero.blogspot.com/2017/09/the-great-dom-fuzz-off-of-2017.html)
* [JavaScript Engine Fuzzing and Exploitation Reading List](https://zon8.re/posts/javascript-engine-fuzzing-and-exploitation-reading-list/)
* [V8 / Chrome Architecture Reading List - For Vulnerability Researchers](https://zon8.re/posts/v8-chrome-architecture-reading-list-for-vulnerability-researchers/)
* [WebKit & JSC Architecture Reading List - For Vulnerability Researchers](https://zon8.re/posts/jsc-architecture-reading-list-for-vulnerability-researchers/)
* [Case Study of JavaScript Engine Vulnerabilities](https://github.com/tunz/js-vuln-db)
* [Broken Browser](https://www.brokenbrowser.com/)
* [uxss-db](https://github.com/Metnew/uxss-db)
* [awesome-browser-exploit](https://github.com/Escapingbug/awesome-browser-exploit)
* [Attacking JavaScript Engines - A case study of JavaScriptCore and CVE-2016-4622](http://phrack.com/papers/attacking_javascript_engines.html)
* [A Methodical Approach to Browser Exploitation](https://blog.ret2.io/2018/06/05/pwn2own-2018-exploit-development/)
* [Fuzzing JavaScript Engines with Fuzzilli](https://blog.doyensec.com/2020/09/09/fuzzilli-jerryscript.html)
* [Browser-Pwn - An updated collection of resources targeting browser-exploitation](https://github.com/m1ghtym0/browser-pwn)
* [Hardening Firefox against Injection Attacks](https://www.christophkerschbaumer.com/files/hardening_firefox_against_injection_attacks.pdf)
* [Hardening Firefox against Injection Attacks – The Technical Details](https://blog.mozilla.org/attack-and-defense/2020/07/07/hardening-firefox-against-injection-attacks-the-technical-details/)
* [Help Test Firefox’s built-in HTML Sanitizer to protect against UXSS bugs](https://blog.mozilla.org/attack-and-defense/2019/12/02/help-test-firefoxs-built-in-html-sanitizer-to-protect-against-uxss-bugs/)
* [Chromium Disclosed Security Bugs](https://chromium-disclosed-bugs.appspot.com/)
* [Edge Vulnerability Research](https://microsoftedge.github.io/edgevr/)
* [SBX Intro](https://robertchen.cc/blog/2021/07/07/sbx-intro)
* [Exploiting URL Parsing Confusion](https://claroty.com/2022/01/10/blog-research-exploiting-url-parsing-confusion/)
* [Exploiting URL Parsers: The Good, Bad, and Inconsistent](https://claroty.com/wp-content/uploads/2022/01/Exploiting-URL-Parsing-Confusion.pdf)
* [Circumventing Browser Security Mechanisms For SSRF](https://github.com/httpvoid/writeups/blob/main/Circumventing-Browser-Security-Mechanisms-For-SSRF.md)
* [Demystifying Browsers](https://textslashplain.com/2020/02/09/demystifying-browsers/)
* [Awesome Vulnerability Research](https://github.com/securitychampions/Awesome-Vulnerability-Research)
* [Notes on Browser Exploitation (v8)](https://daniao.ws/notes)
* [Attacking JavaScript Engines in 2022](https://saelo.github.io/presentations/offensivecon_22_attacking_javascript_engines.pdf)
* [Attacking JavaScript Engines - A case study of JavaScriptCore and CVE-2016-4622](http://www.phrack.org/issues/70/3.html#article)
* [Exploiting Logic Bugs in JavaScript JIT Engines](http://www.phrack.org/issues/70/9.html#article)
* [Top 4 Books to learn Web Browser Security in 2022](https://www.youtube.com/watch?v=NxKlO4BYMhQ)
* [Introduction to Browser Fuzzing](https://academy.fuzzinglabs.com/introduction-browser-fuzzing?coupon=YOUTUBE)
* [Practical Web Browser Fuzzing](https://fuzzinglabs.com/practical-web-browser-fuzzing/)
* [WTF is Browser Hacking](https://un-excogitate.org/presentations/CactusCon2016-wtfbrowser.pdf)
* [Introduction to Browser Fuzzing](https://www.slideshare.net/null0x00/introduction-to-browser-fuzzing)
* [Browser fuzzing at Mozilla](https://hacks.mozilla.org/2021/02/browser-fuzzing-at-mozilla/)
* [Fuzzing JavaScript Engines with Aspect-preserving Mutation](https://ieeexplore.ieee.org/document/9152648)
* [seal9055/resources (browser exploitation section)](https://github.com/seal9055/resources#browser-exploitation)
* [Diary of a reverse engineer](https://doar-e.github.io/)
* [Smashing The Browser: From Vulnerability Discovery To Exploit](https://github.com/demi6od/Smashing_The_Browser)
* [bufferoverflows.net](https://bufferoverflows.net/)
* [V8 Bug Hunting Part 1: Setting up the debug environment](https://medium.com/@stankoja/v8-bug-hunting-part-1-setting-up-the-debug-environment-7ef34dc6f2de)
* [SpiderMonkey Research - 0x01 - Setup & Debug](https://glitchnsec.github.io/research/browsers/2019/07/07/spidermoneky-research-0x01-setup-debug.html)
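The Same-Origin Policy and URL-parsing entries above are easier to reason about with a concrete check in hand. The following is an added example written for this page, not code from any of the linked resources. It uses Node's built-in WHATWG `URL` class (the same parser specification browsers implement); the `naiveHost` regex is a constructed stand-in for the ad-hoc parsing that redirect and SSRF filters often contain and is not taken from any real project, and the sample URLs are constructed.

```javascript
// Added example (not from the linked list): what the Same-Origin Policy
// actually compares, and how a hand-rolled URL "parser" disagrees with the
// WHATWG parser on the confusing inputs the URL-parsing papers above describe.
// Node's URL class follows the same WHATWG URL Standard browsers implement.

// Origin = (scheme, host, port) with the scheme's default port elided.
// Opaque origins (data:, about:blank without a base, etc.) serialise as the
// string "null" and are never same-origin with anything, not even themselves.
function origin(input, base) {
  const o = new URL(input, base).origin;
  return o === "null" ? null : o;
}

function sameOrigin(a, b, base) {
  const oa = origin(a, base);
  const ob = origin(b, base);
  return oa !== null && oa === ob;
}

// Constructed example of the ad-hoc parsing that SSRF / redirect filters
// often contain: "the host is whatever sits between '//' and the next '/'".
function naiveHost(url) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/([^/]*)/i.exec(url);
  return m ? m[1] : null;
}

// Compare the two views of the same string. `agree` is false exactly where a
// filter built on naiveHost reasons about a different server than the one
// the browser will actually connect to.
function compareParsers(url) {
  let whatwg = null;
  try {
    whatwg = new URL(url).host; // host includes the port only if non-default
  } catch {
    // not a valid absolute URL under WHATWG rules
  }
  const naive = naiveHost(url);
  return { url, whatwg, naive, agree: whatwg !== null && whatwg === naive };
}

// Constructed cases: plain, userinfo smuggling, backslash-as-slash (special
// schemes treat '\' like '/'), and scheme/host case folding with default port.
const CONFUSING = [
  "https://good.com/a",
  "https://good.com@evil.com/",
  "https://evil.com\\@good.com/",
  "HTTPS://Good.COM:443/",
];

function report() {
  return CONFUSING.map(compareParsers);
}

if (typeof require !== "undefined" && require.main === module) {
  console.table(report());
}
```

Run it with `node`. The rows where `compareParsers` reports `agree: false` are the shapes the Claroty papers discuss: a filter that extracts the host with a regex sees `good.com`, while the browser resolves `evil.com`. `sameOrigin` also shows why `https://good.com:443` and `HTTPS://GOOD.com` are one origin but `http://good.com` and `https://good.com:8443` are not.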

#### Research Work & Papers
* [SoK: On the Analysis of Web Browser Security](https://arxiv.org/pdf/2112.15561.pdf)
* [Towards native security defenses for the web ecosystem](https://security.googleblog.com/2020/07/towards-native-security-defenses-for.html)
* [The Security Architecture of the Chromium Browser](https://seclab.stanford.edu/websec/chromium/)
* [Content-Type Research](https://github.com/BlackFan/content-type-research)
* [Deep Dive into Site Isolation (Part 1)](https://microsoftedge.github.io/edgevr/posts/deep-dive-into-site-isolation-part-1/)
* [js-vuln-db - A collection of JavaScript engine CVEs with PoCs](https://github.com/tunz/js-vuln-db)
* [uxss-db - Browser logic vulnerabilities](https://github.com/Metnew/uxss-db)
* [V8 Vulnerabilities](https://github.com/Zon8Research/v8-vulnerabilities)
* [Awesome Advanced Windows Browser Exploitation References](https://github.com/yeyintminthuhtut/Awesome-Advanced-Windows-Exploitation-References#-browser)
* [Awesome browser security](https://github.com/cezary-sec/awesome-browser-security)
* [Browser Exploitation](https://pwn.browser.rip/)

#### Books
* [The Tangled Web – A Guide to Securing Modern Web Applications](https://www.amazon.in/Tangled-Web-Securing-Modern-Applications/dp/1593273886)
* [The Browser Hacker's Handbook](https://www.amazon.in/Browser-Hackers-Handbook-Wade-Alcorn-ebook/dp/B00JV5JDM6)
* [Idiosyncrasies of the HTML parser](https://leanpub.com/html-parser-book/)
* [X41’s Browser Security White Paper](https://browser-security.x41-dsec.de/X41-Browser-Security-White-Paper.pdf) [(alternate link)](https://github.com/x41sec/browser-security-whitepaper-2017)
* [Cure53’s Browser Security White Paper](https://cure53.de/browser-security-whitepaper.pdf) [(alternate link)](https://github.com/cure53/browser-sec-whitepaper/)

#### Videos
* [Securing Web Apps with Modern Platform Features (Google I/O ’19)](https://www.youtube.com/watch?v=DDtM9caQ97I)
* [35C3 - The Layman's Guide to Zero-Day Engineering](https://www.youtube.com/watch?v=WbuGMs2OcbE)
* [35C3 - From Zero to Zero Day](https://www.youtube.com/watch?v=xp1YDOtWohw)
* [Browser Exploitation for Fun and Profit](https://www.youtube.com/watch?v=j3SbkXxdvnE)
* [Breaking Microsoft Edge extensions security policies](https://www.youtube.com/watch?v=wZSKCwbq4Og)
* [Reversing Client Side JavaScript Using the Chrome Dev Tools Protocol](https://www.youtube.com/watch?v=esnyZzNRXkA)
* [LiveOverflow Browser Exploitation](https://www.youtube.com/playlist?list=PLhixgUqwRTjwufDsT1ntgOY9yjZgg5H_t)

#### Tools
* [LiveDOM++](https://livedom.lab.xss.academy/) - Tool to compare various HTML parsers in browsers
* [Domato](https://github.com/googleprojectzero/domato) - A DOM fuzzer
* [BeEF](https://github.com/beefproject/beef) - The Browser Exploitation Framework
* [DOMPurify](https://github.com/cure53/DOMPurify)
* [HTML Sanitizer API](https://developer.mozilla.org/en-US/docs/Web/API/HTML_Sanitizer_API)
* [FreeDom - A DOM fuzzer](https://github.com/sslab-gatech/freedom)
* [Making of: The Sanitizer API](https://docs.google.com/presentation/d/1eLmIZkY7auD8xT-Q6AzBKM_ASFHH8Z5fMyfeoSbSH-k/view#slide=id.g82761e80df_0_1948)
* [Turbolizer](https://github.com/thlorenz/turbolizer)
* [ClusterFuzz - Scalable fuzzing infrastructure](https://github.com/google/clusterfuzz)
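Domato and FreeDom are grammar-based: a test case is produced by repeatedly replacing non-terminal symbols with randomly chosen alternatives until only HTML and JavaScript remain. The miniature generator below is an added example written for this page to show that loop; it is not code from either project. The grammar, its `{{name}}` symbol syntax and the seed handling are all constructed for illustration.

```javascript
// Added example, not Domato's or FreeDom's code: a miniature grammar-driven
// DOM test-case generator showing the core idea behind those tools. Every
// rule below is a constructed toy; a real grammar has thousands of rules.
// Symbols are written {{name}}; an alternative with no symbols is terminal.
const GRAMMAR = {
  document: [
    "<!DOCTYPE html><html><body>{{element}}{{element}}<script>{{js}}</script></body></html>",
  ],
  element: [
    '<div id="n{{id}}">{{element}}</div>',
    "<svg><foreignObject>{{element}}</foreignObject></svg>",
    "<math><mtext>{{element}}</mtext></math>",
    "<table><tr><td>{{element}}</td></tr></table>",
    '<a href="{{url}}">{{text}}</a>',
    "{{text}}",
  ],
  js: [
    "document.getElementById('n{{id}}')?.remove();",
    "document.body.appendChild(document.createElement('{{tag}}'));",
    "document.body.innerHTML += '{{text}}';",
    "{{js}}{{js}}",
  ],
  id: ["0", "1", "2", "3"],
  tag: ["div", "svg", "math", "table", "textarea"],
  url: ["#", "about:blank", "javascript:void(0)"],
  // Deliberately awkward text: entity, RTL override, comment and CDATA openers.
  text: ["A", "&amp;", "\u202e", "<!--", "]]>"],
};

const SYMBOL = /\{\{(\w+)\}\}/g;
const symbolsIn = (alt) => [...alt.matchAll(SYMBOL)].map((m) => m[1]);

// Depth an alternative needs, given a per-symbol depth table.
const altDepth = (alt, depth) => {
  const subs = symbolsIn(alt);
  return subs.length ? 1 + Math.max(...subs.map((s) => depth[s])) : 0;
};

// xorshift32: a seeded PRNG so any crashing case is reproducible from its seed.
function makeRng(seed) {
  let s = seed >>> 0 || 1;
  return () => {
    s ^= s << 13; s >>>= 0;
    s ^= s >>> 17;
    s ^= s << 5; s >>>= 0;
    return s / 0x100000000;
  };
}

// Smallest nesting depth at which each symbol can be fully expanded, found by
// fixed-point relaxation. This guarantees termination: once the random walk
// has spent its depth budget we only pick alternatives that bottom out.
function computeMinDepths(grammar) {
  const depth = Object.fromEntries(Object.keys(grammar).map((s) => [s, Infinity]));
  for (let changed = true; changed; ) {
    changed = false;
    for (const [sym, alts] of Object.entries(grammar)) {
      for (const alt of alts) {
        const d = altDepth(alt, depth);
        if (d < depth[sym]) { depth[sym] = d; changed = true; }
      }
    }
  }
  return depth;
}

function expand(grammar, minDepth, symbol, rng, budget) {
  const alts = grammar[symbol];
  if (!alts) throw new Error(`unknown symbol ${symbol}`);
  // Prefer alternatives that still fit the remaining budget; if none do,
  // fall back to the shallowest ones so the recursion always terminates.
  const fits = alts.filter((a) => altDepth(a, minDepth) <= budget);
  const pool = fits.length ? fits : alts.filter((a) => altDepth(a, minDepth) === minDepth[symbol]);
  const choice = pool[Math.floor(rng() * pool.length)];
  return choice.replace(SYMBOL, (_, s) => expand(grammar, minDepth, s, rng, budget - 1));
}

// Generate one HTML test case. `budget` bounds nesting depth, not total size.
function generate(seed, budget = 6, grammar = GRAMMAR) {
  const minDepth = computeMinDepths(grammar);
  return expand(grammar, minDepth, "document", makeRng(seed), budget);
}

// Stand-alone use: node gen.js 42 > case.html, then load it in an ASan build.
if (typeof require !== "undefined" && require.main === module) {
  console.log(generate(Number(process.argv[2]) || Date.now()));
}
```

Two details carry over to real fuzzers: the generator is seeded, so a case that crashes the renderer can be regenerated from its seed alone instead of being stored; and termination is forced by precomputing how deep each symbol must nest before it can bottom out, so a recursive rule such as `{{js}}{{js}}` cannot run away.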

#### Folks to follow
* [Parisa Tabriz](https://twitter.com/laparisa)
* [Zon8 Research](https://twitter.com/Zon8Research)
* [phoenhex team](https://twitter.com/phoenhex)
* [Luan Herrera](https://twitter.com/lbherrera_)
* [Abdulrhman Alqabandi](https://twitter.com/Qab)
* [Frederik Braun](https://twitter.com/freddyb)
* [Jun Kokatsu](https://twitter.com/shhnjk)
* [Mozilla Attack and Defense](https://twitter.com/attackndefense)
* [Chromium Disclosed Security Bugs](https://twitter.com/BugsChromium)
* [Ivan Fratric](https://twitter.com/ifsecure)
* [Eduardo Vela](https://twitter.com/sirdarckcat)
* [koto](https://twitter.com/kkotowicz)
* [LiveOverflow](https://twitter.com/LiveOverflow)
* [Masato Kinugawa](https://twitter.com/kinugawamasato)
* [Dhiraj Mishra](https://twitter.com/RandomDhiraj)
* [Nikhil Mittal](https://twitter.com/c0d3G33k)
* [Johnathan Norman](https://twitter.com/spoofyroot)
* [Alison Huffman](https://twitter.com/ohnonull)
* [Manuel Caballero](https://twitter.com/magicmac2000)
* [tunz](https://twitter.com/7unz)
* [RET2 Systems](https://twitter.com/ret2systems)
* [Christoph Diehl](https://twitter.com/posidron)
* [Samuel Groß](https://twitter.com/5aelo)
* [Jonathan Jacobi](https://twitter.com/j0nathanj)
* [Norbert Szetei](https://twitter.com/73696e65)
* [Michał Bentkowski](https://twitter.com/securitymb)
* [Michele Spagnuolo](https://twitter.com/mikispag)
* [Ben Stock](https://twitter.com/kcotsneb)
* [Marius Steffens](https://twitter.com/steffens_marius)
* [itszn](https://twitter.com/itszn13)
* [Connor McGarr](https://twitter.com/33y0re)
* [Simon Pieters](https://twitter.com/zcorpan)
* [Adam Barth](https://twitter.com/adambarth)
* [Jeremy Fetiveau](https://twitter.com/__x86)
* [Patrick Ventuzelo](https://twitter.com/Pat_Ventuzelo)
* [doar-e](https://twitter.com/doar_e)
* [Axel Souchet](https://twitter.com/0vercl0k)
* [Jonathan Salwan](https://twitter.com/jonathansalwan)
* [yrp](https://twitter.com/yrp604)
* [Michael Zhang](https://twitter.com/demi6od)
* [Daniel Lim](https://twitter.com/daniellimws)

Twitter List: [client-side-yodas](https://twitter.com/i/lists/1187452854618984449) - List of people specialized in client-side attacks