Explore a comprehensive conference talk from Black Hat that delves into privilege escalation vulnerabilities and defense strategies in JavaScript engines. Learn about surprising discoveries made by Zero Day Initiative program researchers, which were instrumental in verifying application hardening processes. Gain insights into the elimination of vulnerabilities within a security model implemented in a JavaScript engine through a multi-pronged approach. Examine the architecture, attack surfaces, and bypass techniques used in JavaScript engines, including privileged contexts, trusted functions, and folder-level scripts. Understand the history of JavaScript, key design decisions, and implementation challenges. Discover how static analysis, point analysis, and security information flow contribute to defending against privilege escalation attacks. Benefit from the expertise of Abdul-Aziz Hariri and Edgar Pek as they share their findings and strategies for tackling this critical security issue. Read more