
A Journey Into Fuzzing WebAssembly Virtual Machines [BlackHat USA 2022]

Abstract: Since the MVP release in 2017, WebAssembly has evolved gradually, bringing new adopters and new VM implementations over time. It’s now possible to run WebAssembly modules in every modern browser, on some blockchains, or using a standalone VM. In the same way that multiple JavaScript…


Top 7 books to learn WebAssembly in 2022

Today, I discuss my favorite books if you are looking to learn more about WebAssembly and wasm security: Learn WebAssembly; WebAssembly in Action; What Is WebAssembly?; The Art of WebAssembly; WebAssembly: The Definitive Guide; Programming WebAssembly with…


Reversing Ewasm contract 101 – EthCC 2020

I just gave a talk/workshop today (03/2020) at EthCC 2020 (Paris, France) about reversing Ewasm (Ethereum flavored WebAssembly) smart contracts. In this talk, I briefly introduce WebAssembly concepts, Ewasm Ethereum specifics, and opcodes/instructions. Secondly, I show how to create Ewasm smart contracts and expose different techniques/tools…


Fuzzing npm/nodejs WebAssembly parsing library with jsfuzz

I asked recently on Twitter what my next blog post subject should be, and voters chose this one, so here it is. In this short blog post, I will first introduce jsfuzz, a coverage-guided JavaScript fuzzer for nodejs/npm packages. Then, I’ll discuss the wasm binary parsing library I…


Fuzzing JavaScript WebAssembly APIs using Dharma/Domato (Chrome/v8)

First of all, Happy new hacking year everyone 😉 I got asked multiple times if fuzzing the WebAssembly APIs of JavaScript engines is complicated, so here is a short tutorial using Dharma (but you can use Domato if you prefer). In this blog post, I will first detail which WebAssembly…


How to create a valid polyglot HTML/JS/WebAssembly module

Just a bit of context first: last month I was at the hack.lu conference to give a workshop about “Reversing WebAssembly module 101” and spent some amazing time with friends. The workshop went well, attendees were really interested, and even better, I received the award for the best talk/workshop…


Analysis of Google Keep WebAssembly module

Last month, I was at REcon Montreal to give my training about WebAssembly Security, and after some discussion, people always ask me this question: Is WebAssembly already used in the wild? The answer is of course YES, and some WebAssembly modules are potentially running right now in your browser…