Click here to register.
15-18 June 2020, Hilton Hotel
4600$ CAD before May 1,
5400$ CAD after.
Learn how to reverse-engineer WebAssembly modules both statically and dynamically, and discover how to find security vulnerabilities inside both WebAssembly modules and WebAssembly VMs (standalone & browsers) using fuzzing techniques.
WebAssembly (WASM) is a new binary format currently developed and supported by all major web browsers, including Firefox, Chrome, WebKit/Safari and Microsoft Edge. This format has been designed to be "Efficient and fast", "Debuggable" and "Safe" and is often called the game changer for the web.
WebAssembly is beginning to be used everywhere and for everything:
- Web-browsers (Desktop & Mobile)
- Servers/Website (Nodejs, React, Qt, Electron, Cloudflare workers)
- Video games (Unity, UE4)
- Blockchain platforms (EOS, Ethereum, Dfinity)
- Cryptojacking (Coinhive, Cryptoloot)
- Linux Kernel (Cervus, Nebulet)
- ... and more
This course will give you all the prerequisites to understand what a WebAssembly module is and how its associated runtime virtual machine works. At the end of four intensive days, you will be able to statically and dynamically reverse a WebAssembly module, analyze its behavior, create specific detection rules and search for vulnerabilities. You will discover which security measures are implemented by the WebAssembly VM to validate and handle exceptions. Finally, you will search for vulnerabilities inside WebAssembly VMs (web browsers, standalone VM) using mutation- and generation-based fuzzing techniques. Students will be presented with many hands-on exercises that allow them to internalize the concepts and techniques taught in class.
Day 1 WEBASSEMBLY REVERSING
- Introduction to WebAssembly
- WebAssembly VM architecture and toolchains
- Writing examples in C/C++/Rust/C#
- Module debugging
- WASM binary format (header, sections, etc.)
- WebAssembly Text Format (wat/wast)
- WebAssembly instruction set
- Writing examples using WASM Text format
- Reversing WebAssembly module
- CFG and CallGraph reconstruction
- DataFlowGraph analysis
Day 2 ANALYSIS OF REAL-LIFE WASM MODULES
- Module instruction analytics/metrics
- WebAssembly cryptominers analysis
- Pattern detection signatures (YARA rules, etc.)
- Taint Tracking
- Dynamic Binary Instrumentation
- Bytecode (De)-Obfuscation techniques
- Static Single Assignment and Decompilation
- Real-life WASM module analysis
- WebAssembly video game hacking
Day 3 WEBASSEMBLY MODULES VULNERABILITIES
- Traps and Exception handling
- WebAssembly module vulnerabilities
- Integer/Stack/Heap Overflows
- Advanced vulnerabilities (UaF, TOCTOU)
- CFI Hijacking
- Emscripten vulnerabilities
- Exploiting NodeJS server running WASM module
- Vulnerability detection (Static and Dynamic)
- Lifting WASM bytecode
- Fuzzing WebAssembly modules
Day 4 VULNERABILITY RESEARCH INSIDE WEBASSEMBLY VM
- Web-Browsers vulnerabilities analysis (CVEs PoC)
- WebAssembly VM and Interpreter vulnerabilities
- WebAssembly JS APIs generation
- Fuzzing Web-Browsers (Chrome, Firefox, WebKit)
- WASM module validation mechanism
- Writing edge case modules
- WAT, WAST & WASM generation using grammars
- Interesting VM targets (kernel, blockchain, etc.)
- Fuzzing C/C++/Rust/Go based WebAssembly projects
- WebAssembly applied to security researcher tooling
- In-memory fuzzing everything using WebAssembly and Frida
- Basic reverse engineering skills
- Familiarity with scripting languages (Bash, Python).
- Comfortable with C/C++ or Rust programming.
- SKILL LEVEL: BEGINNER / INTERMEDIATE
- A working laptop capable of running virtual machines.
- 8GB RAM required, at a minimum
- 40GB free Hard Disk space
Minimum Software to Install
- Both Google Chrome & Firefox web browsers
- Administrator / root access MANDATORY
- IDA Pro would be helpful but not required.
Patrick Ventuzelo is a French independent security researcher specializing in vulnerability research, fuzzing, reverse engineering and program analysis. He is the trainer for two training courses, on "WebAssembly Security" and "Rust Security" respectively. Patrick is the author of Octopus, the first open-source security analysis tool supporting WebAssembly and multiple blockchain smart contract bytecodes to help researchers perform closed-source analysis.
In his previous roles, Patrick did malware analysis at Airbus D&S Cybersecurity, Android kernel vulnerability research at the French Department Of Defense, telecom pentesting at P1 Security, and Blockchain security R&D for Quoscient GmbH.
Patrick is a regular speaker and trainer at various security conferences around the globe, including REcon Montreal, ToorCon, HITB, hack.lu, NorthSec, FIRST, REcon Brussels, SSTIC, Microsoft DCC, BlackAlps, etc.