Prateek Gianchandani
[Careem - Uber]
Prateek Gianchandani is currently working as a Security Engineer at Careem - An Uber Company.

He has more than 8 years of experience in security research and penetration testing. His core focus areas are mobile exploitation, reverse engineering and embedded device security.

He is also the author of the open-source vulnerable application Damn Vulnerable iOS App. He has presented and trained at many international conferences, including DEF CON, POC, TyphoonCon, Black Hat USA, BruCON, Hack in Paris, PHDays and AppSec USA.

In his free time, he blogs at

Tutorial: WebKit Exploitation Workshop

Web browsers are incredibly complex and, because of their huge codebases, expose a wide attack surface.

This 2-hour workshop will give attendees an introduction to the world of browser exploitation. We begin with an introduction to browser architecture and the different security mitigations in place. We will then learn how to set up a test environment using the open-source builds of different browser engines, and how to identify, analyze and exploit vulnerabilities in the WebKit browser engine.

We will focus mostly on WebCore and JavaScriptCore. We will look at how objects are allocated and stored in memory and how JIT compilers work, and then learn how a type confusion vulnerability can be exploited to get initial addrof() and fakeobj() primitives, followed by shellcode execution on an unpatched Safari instance.
