Discover the World's first WebAssembly Security Training

Public Training Courses 2020

  • FEB 2020 | BERLIN
  • MAR 2020 | SHACK
  • APR 2020 | HITB AMSTERDAM
  • AUG 2020 | RINGZERO
  • ONSITE TRAININGS
berlin webassembly training securityDescription & Registration
Dates
10 February 2020 - 13 February 2020
Hosted by
Location
Friedrichstraße 158-164, 10117 Berlin, Germany
berlin webassembly training securityDescription & Registration
Dates
29th March – 1st April 2020
Hosted by
SHACK
Location
Singapore

hitb amsterdam webassembly security training wasm

Description & Registration
Dates
20 April 2020 - 22 April 2020
Hosted by
HITB Amsterdam
Location
Amsterdam

ringzero patrick ventuzelo wasm webassembly security fuzzing training

Description & Registration
Dates
1 August 2020 - 4 August 2020
Hosted by
Ringzer0
Location
Las Vegas

New to WebAssembly or Rust security? Do you want to learn WebAssembly security? Do you want to learn how to find bugs in Rustlang? Our security trainings focus are designed to familiarize engineers, developers, designers and security professionals of any level.

Check out the training content we can offer you here.

WebAssembly Security training wasm patrick ventuzelo

WebAssembly Security
"From Reversing to Vulnerability Research"

This courses will give you all the prerequisites to understand what’s a WebAssembly module and its associated virtual machine. At the end of this intensive 4 days, you will be able to reverse statically and dynamically a WebAssembly module, analyze its behavior, create detection rule and search for vulnerabilities and security issues. You will learn which security measures are implemented by the WebAssembly VM to validate and handle exceptions. Finally, you will discover how to find vulnerabilities inside WebAssembly VMs (Web-browsers, Standalone VM) using differents fuzzing techniques.

Along this training, students will deal with a lots of hands-on exercises allowing them to internalize concepts and techniques taught in class.

COURSE OUTLINE

Introduction to WebAssembly
WebAssembly VM architecture
WebAssembly toolchain
Writing examples in C/C++/Rust/C#
Debugging WebAssembly module
WASM binary format (header, sections)
WebAssembly Text Format (wat/wast)
WebAssembly Instructions set
Coding with WASM Text format
Reversing WebAssembly module
CFG & CallGraph reconstruction
DataFlowGraph analysis
Browser Addons reversing

Modules Instructions analytics/metrics
WASM cryptominers analysis
Pattern detection signatures (YARA)
Taint Tracking
Dynamic Binary Instrumentation
Bytecode (De)-Obfuscation techniques
Static Single Assignment & Decompilation
Real-life WASM module analysis
Hacking WebAssembly video game

Traps & Exception handling
WebAssembly module vulnerabilities
Integer/Buffer/Heap Overflows
Advanced vulnerabilities (UaF, TOCTOU…)
CFI Hijacking
Emscripten vulnerabilities
Exploitation NodeJS server running wasm module
Vulnerability detection (Static & Dynamic)
Lifting WASM bytecode
Fuzzing WebAssembly modules

Web-Browsers vulnerabilities analysis (CVEs PoC)
WebAssembly VM & Interpreter vulnerabilities
WebAssembly JS APIs generation
Fuzzing Web-Browsers (Chrome, Firefox, WebKit)
WASM module validation mechanism
Writing edge case module
WAT, WAST & WASM grammar generation
Blockchain VM targets
Fuzzing C/C++/Rust/Go WASM project
WebAssembly for Security Researcher
In-memory fuzzing everything using WebAssembly & Frida

rust security patrick ventuzelo training webassembly

Rust Security "For Hacker and Developers"

This goal of this course is to give you all the prerequisites to understand which kind of vulnerability can be found inside Rust code. You will learn how to find low hanging fruits bugs manually and automatically using Rust auditing tools. Finally, you will discover how to build custom Rust fuzzerstriage/debug crashes and improve your code coverage using differents techniques.

Along this training, students will deal with a lots of hands-on exercises allowing them to internalize concepts and techniques taught in class.

COURSE OUTLINE

Introduction to Rust
Security concepts & Ownership
Panicking macros
Error handling & Unwrapping
Unsafe codes
Attack surface discovery
Rust vulnerabilities & impacts
Uninitialized & Zeroing memory
Auditing tools

Setup fuzzers easily (libfuzzer, afl, honggfuzz)
Crashes Triaging
Structure-aware Fuzzing
Debugging / Bugs analysis
Code coverage
Corpus minimization
Sanitizers (ASAN, MSAN, …)
Symbolic execution
Vulnerability exploitation

Trainings

WebAssembly Security training wasm patrick ventuzelo

New to WebAssembly or Rust security? Do you want to learn WebAssembly security? Do you want to learn how to find bugs in Rustlang? Our security trainings focus are designed to familiarize engineers, developers, designers and security professionals of any level.

Check out the training content we can offer.

Services

WebAssembly Security training wasm patrick ventuzelo

Are you developing WebAssembly module, Rust code or dealing with a malware like cryptominer? Do you want to put an existing C/C++/Rust/etc. code under the test? Need someone to evaluate solutions and services for you?

Check out the services we can offer.

SUBSCRIBE TO OUR NEWSLETTER

Privacy Policy

Your personal information will only be used for the purposes of contacting you and will not be shared with any third parties. By submitting your personal information you give your consent for us to contact you with the purpose of providing tailored professional services to you and/or your company.