WEBASSEMBLY SECURITY TRAINING

WebAssembly Security training wasm patrick ventuzelo

WebAssembly Security
"From Reversing to Vulnerability Research"

WebAssembly (WASM) is a new binary format currently developed and supported by all major browsers including Firefox, Chrome, WebKit /Safari and Microsoft Edge through the W3C. This new format have been designed to be “Efficient and fast“, “Debuggable“ and “Safe” that why it is often called as the “game changer for the web”.

WebAssembly is used everywhere (not exhaustive):

Web-browsers (Desktop & Mobile)
Cryptojacking (Coinhive, Cryptoloot)
Servers/Website (Nodejs, React, Qt, Electron, Cloudflare workers) 
Video games (Unity, UE4)
Blockchain platforms (EOS, Ethereum, Dfinity)
Linux Kernel (Cervus, Nebulet)
… and more

This course will give you all the prerequisites to understand what is a WebAssembly module and its associated runtime virtual machine. At the end of four intensive days, you will be able to statically and dynamically reverse a WebAssembly module, analyze its behavior, create specific detection rules and search for vulnerabilities & security issues. You will discover which security measures are implemented by the WebAssembly VM to validate and handle exceptions. Finally, you will search for vulnerabilities inside WebAssembly VMs (web browsers, standalone VM) using mutation and generation based fuzzing techniques.

Along this training, students shall be presented with lots of hands-on exercises allowing them to internalize concepts and techniques taught in class.

4 or 5 DAY COURSE OUTLINE

Customization is possible for every onsite training given at the location of your choice.

Introduction to WebAssembly
WebAssembly VM architecture
WebAssembly toolchain
Writing examples in C/C++/Rust/C#
Debugging WebAssembly module
WASM binary format (header, sections)
WebAssembly Text Format (wat/wast)
WebAssembly Instructions set
Coding with WASM Text format
Reversing WebAssembly module
CFG & CallGraph reconstruction
DataFlowGraph analysis
Browser Addons reversing

Modules Instructions analytics/metrics
WASM cryptominers analysis
Pattern detection signatures (YARA)
Taint Tracking
Dynamic Binary Instrumentation
Bytecode (De)-Obfuscation techniques
Static Single Assignment & Decompilation
Real-life WASM module analysis
Hacking WebAssembly video game

Traps & Exception handling
WebAssembly module vulnerabilities
Integer/Buffer/Heap Overflows
Advanced vulnerabilities (UaF, TOCTOU…)
CFI Hijacking
Emscripten vulnerabilities
Exploitation NodeJS server running wasm module
Vulnerability detection (Static & Dynamic)
Lifting WASM bytecode
Fuzzing WebAssembly modules

Web-Browsers vulnerabilities analysis (CVEs PoC)
WebAssembly VM & Interpreter vulnerabilities
WebAssembly JS APIs generation
Fuzzing Web-Browsers (Chrome, Firefox, WebKit)
WASM module validation mechanism
Writing edge case module
WAT, WAST & WASM grammar generation
Blockchain VM targets
Fuzzing C/C++/Rust/Go WASM project
WebAssembly for Security Researcher
In-memory fuzzing everything using WebAssembly & Frida

KEY LEARNING OBJECTIVES

  • Learn what is WebAssembly and what’s inside a WebAssembly module.
  • Discover the architecture of the WebAssembly virtual machine.
  • Learn how to analyze statically and dynamically real-life wasm modules.
  • Discover how to hack video games running on your browsers using WebAssembly.
  • Learn how to find vulnerability inside WebAssembly module and how to exploit them.
  • Study and analyze the module validation mechanism to bypass it.
  • Learn how to apply mutation, grammar and evolutionary fuzzing on WebAssembly VM.
  • Discover how WebAssembly can help you in your day-to-day security work.

CLASS REQUIREMENTS

Prerequisites:
  • Basic reverse engineering skills.
  • Familiarity with scripting (Python, Bash).
  • Familiarity with C/C++ or Rust programming.
  • SKILL LEVEL: BEGINNER / INTERMEDIATE

Laptop Requirements:
  • A working laptop capable of running virtual machines
  • 4GB RAM required, at a minimum
  • 40 GB free Hard disk space
  • VirtualBox
  • Administrator / root access MANDATORY
  • IDA Pro would be helpful but not required

ABOUT THE TRAINER

See our About page.

Upcoming Trainings

Contact us

Subscribe to our newsletter