Click here to register.

Instructor:

Patrick Ventuzelo

Dates:

15-18 June 2020, Hilton Hotel

Capacity:

25 Seats

Price:

4600$ CAD before May 1,
5400$ CAD after.

Learn how to reverse-engineer WebAssembly modules both statically and dynamically, and discover how to find security vulnerabilities inside both WebAssembly modules and WebAssembly VMs (standalone & browsers) using fuzzing techniques.

WebAssembly (WASM) is a new binary format currently developed and supported by all major web browsers, including Firefox, Chrome, WebKit/Safari and Microsoft Edge. This format has been designed to be "Efficient and fast", "Debuggable" and "Safe", and is often called the game changer for the web.

WebAssembly is beginning to be used everywhere and for everything:
- Web-browsers (Desktop & Mobile)
- Servers/Websites (Node.js, React, Qt, Electron, Cloudflare Workers)
- Video games (Unity, UE4)
- Blockchain platforms (EOS, Ethereum, Dfinity)
- Cryptojacking (Coinhive, Cryptoloot)
- Linux Kernel (Cervus, Nebulet)
- ... and more

This course will give you all the prerequisites to understand what a WebAssembly module is and how its associated runtime virtual machine works. At the end of four intensive days, you will be able to statically and dynamically reverse a WebAssembly module, analyze its behavior, create specific detection rules and search for vulnerabilities. You will discover which security measures are implemented by the WebAssembly VM to validate and handle exceptions. Finally, you will search for vulnerabilities inside WebAssembly VMs (web browsers, standalone VM) using mutation-based and generation-based fuzzing techniques. Students will be given many hands-on exercises that allow them to internalize the concepts and techniques taught in class.

 

Class Outline

Day 1 WEBASSEMBLY REVERSING

  • Introduction to WebAssembly
  • WebAssembly VM architecture and toolchains
  • Writing examples in C/C++/Rust/C#
  • Module debugging
  • WASM binary format (header, sections, etc.)
  • WebAssembly Text Format (wat/wast)
  • WebAssembly instruction set
  • Writing examples using WASM Text format
  • Reversing WebAssembly module
  • CFG and CallGraph reconstruction
  • DataFlowGraph analysis

Day 2 ANALYSIS OF REAL-LIFE WASM MODULES

  • Module instruction analytics/metrics
  • WebAssembly cryptominers analysis
  • Pattern detection signatures (YARA rules, etc.)
  • Taint Tracking
  • Dynamic Binary Instrumentation
  • Bytecode (De)-Obfuscation techniques
  • Static Single Assignment and Decompilation
  • Real-life WASM module analysis
  • WebAssembly video game hacking

Day 3 WEBASSEMBLY MODULES VULNERABILITIES

  • Traps and Exception handling
  • WebAssembly module vulnerabilities
  • Integer/Stack/Heap Overflows
  • Advanced vulnerabilities (UaF, TOCTOU)
  • CFI Hijacking
  • Emscripten vulnerabilities
  • Exploiting a NodeJS server running a WASM module
  • Vulnerability detection (Static and Dynamic)
  • Lifting WASM bytecode
  • Fuzzing WebAssembly modules

Day 4 VULNERABILITY RESEARCH INSIDE WEBASSEMBLY VM

  • Web-Browsers vulnerabilities analysis (CVEs PoC)
  • WebAssembly VM and Interpreter vulnerabilities
  • WebAssembly JS APIs generation
  • Fuzzing Web-Browsers (Chrome, Firefox, WebKit)
  • WASM module validation mechanism
  • Writing edge case modules
  • WAT, WAST & WASM generation using grammars
  • Interesting VM targets (kernel, blockchain, etc.)
  • Fuzzing C/C++/Rust/Go based WebAssembly projects
  • WebAssembly applied to security researcher tooling
  • In-memory fuzzing everything using WebAssembly and Frida

CLASS REQUIREMENTS

Prerequisites

  • Basic reverse engineering skills
  • Familiarity with scripting languages (Bash, Python).
  • Comfortable with C/C++ or Rust programming.
  • SKILL LEVEL: BEGINNER / INTERMEDIATE

Hardware

  • A working laptop capable of running virtual machines.
  • 8 GB RAM required, at a minimum
  • 40GB free Hard Disk space
  • VirtualBox

Minimum Software to Install

  • Both Google Chrome & Firefox web browsers
  • VirtualBox
  • Administrator / root access MANDATORY
  • IDA Pro would be helpful but not required.

 

 

BIO

Patrick Ventuzelo is a French independent security researcher specializing in vulnerability research, fuzzing, reverse engineering and program analysis. He teaches two training courses, "WebAssembly Security" and "Rust Security". Patrick is the author of Octopus, the first open-source security analysis tool supporting WebAssembly and multiple blockchain smart contract bytecodes to help researchers perform closed-source analysis.

In his previous roles, Patrick did malware analysis at Airbus D&S Cybersecurity, Android kernel vulnerability research at the French Department Of Defense, telecom pentesting at P1 Security, and Blockchain security R&D for Quoscient GmbH.

Patrick is a regular speaker and trainer at various security conferences around the globe, including REcon Montreal, ToorCon, HITB, hack.lu, NorthSec, FIRST, REcon Brussels, SSTIC, Microsoft DCC, BlackAlps, etc.
