Showing Posts About

• Jon Butler
• 21 May 2014

Poor Man's Static Analysis - BSides London 2014

A presentation at BSides London 2014 explored using Clang for developing static analysis tools to assist manual code review. The research demonstrated tracing control flow in Google Chrome's DOM event dispatch mechanisms. The approach focused on creating custom static analysis techniques for examining complex software codebases.

• Jon Butler Nils
• 6 Sep 2013

Polishing Chrome for Fun and Profit (NSC)

A presentation at the Nordic Security Conference detailed a full sandbox escape vulnerability in Google Chrome. The vulnerability was successfully exploited at the Pwn2Own 2013 hacking competition. Technical details of compromising Chrome's security mechanisms were demonstrated by MWR's Nils and Jon.