Two-day hands-on course offers a rare opportunity for beginners to build real browser exploits from scratch using V8 vulnerabilities.
South Korea’s leading cybersecurity company, SK Shieldus, announced that its white-hat hacker team, EQST(Experts, Qualified Security Team), will deliver a technical training session titled “Kickoff to V8 Exploit: Every Step of the Way” at ‘Black Hat USA 2025’, the world’s most prominent cybersecurity event.
The two-day course, scheduled for August 4–5, is part of Black Hat’s official Training program (August 2–5) and will be held at Mandalay Bay, Las Vegas.
Tailored for beginner to intermediate security professionals, this course provides hands-on, step-by-step training in vulnerability analysis and exploit development targeting Chrome’s V8 JavaScript engine. Participants will follow a structured learning path—from understanding memory layout to building a full exploit chain that achieves remote code execution (RCE).
Chrome’s V8 engine underwent significant architectural changes in 2024, increasing both its complexity and the technical barrier to vulnerability research. This course is designed to bridge that gap, offering clear explanations of V8 internals and step-by-step guidance in modern exploit techniques.
Participants will analyze the engine’s memory structure, utilize debuggers such as GDB and d8, and develop hands-on proficiency in vulnerability analysis (e.g., out-of-bounds, Type Confusion), arbitrary memory access, and sandbox escape techniques. The full exploit chain—from bug identification to shellcode execution—will be covered in depth. In addition, recent updates to the V8 sandbox architecture and modern bypass strategies will be explored using pre-configured remote lab environments. All attendees will gain access to a dedicated training setup equipped with exploit templates, sample vulnerable code, and custom debugging tools.
By the end of the course, participants will walk away with a practical understanding of JavaScript engine security, hands-on experience in Chrome bug hunting, and skills applicable to CTF-style challenges and real-world exploit research.
Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!