WebAssembly Reversing and Security Analysis

Learn how to reverse-engineer WebAssembly modules and identify security issues in WebAssembly modules and VMs.

Training starting at

$1,800.00

with one of our subscriptions

Language

English

WebAssembly (WASM) is a new binary format currently developed and supported by all major web browsers including Firefox, Chrome, WebKit/Safari and Microsoft Edge. This new format has been designed to be "Efficient and fast", "Debuggable" and "Safe", which is why it is often called the "game changer for the web".

WebAssembly is starting to be used everywhere and for everything (non-exhaustive list):

  • Web-browsers (Desktop & Mobile)
  • Servers/Websites (Node.js, React, Qt, Electron, Cloudflare Workers)
  • Video games (Unity, UE4)
  • Blockchain platforms (EOS, Ethereum, Dfinity)
  • Cryptojacking (Coinhive, Cryptoloot)
  • Linux Kernel (Cervus, Nebulet)
  • Etc.

This course will give you all the prerequisites to understand what a WebAssembly module is and how its associated runtime virtual machine works. At the end of these intensive 4 days, you will be able to reverse (statically & dynamically) a WebAssembly module, analyze its behavior, create specific detection rules and search for vulnerabilities inside it. You will discover which security measures are implemented by the WebAssembly VM to validate modules and handle exceptions. Finally, you will search for vulnerabilities inside WebAssembly VMs (web browsers, standalone VMs) using different fuzzing techniques (mutation & generation based).

Throughout this training, students will work through lots of hands-on exercises allowing them to internalize the concepts and techniques taught in class. Hope you will like it!

Who Should Attend

This class is meant for everyone who wants to understand more deeply how WebAssembly works. Malware analysts dealing with cryptominers, professional pentesters planning to audit WebAssembly modules, developers or students looking to add WebAssembly to their skill sets, blockchain auditors auditing EOS or Ethereum 2.0 smart contracts, and vulnerability researchers looking for new targets (like web browsers) will all benefit from this course.

Day 1 – WebAssembly Reversing

  • Introduction to WebAssembly
  • WebAssembly VM architecture & toolchains
  • Writing examples in C/C++/Rust/C#
  • Module debugging
  • Wasm binary format (header, sections, ...)
  • WebAssembly Text Format (wat/wast)
  • WebAssembly instruction set
  • Writing examples using WASM Text format
  • Reversing WebAssembly modules
  • CFG & CallGraph reconstruction
  • DataFlowGraph analysis

Day 2 – Real-life Modules Analysis

  • Module instruction analytics/metrics
  • WebAssembly cryptominers analysis
  • Pattern detection signatures (YARA rules, ...)
  • Taint Tracking
  • Dynamic Binary Instrumentation
  • Bytecode (De)-Obfuscation techniques
  • Static Single Assignment & Decompilation
  • Real-life Wasm module analysis
  • WebAssembly video game hacking

Day 3 – WebAssembly Modules Vulnerabilities

  • Traps & Exception handling
  • WebAssembly module vulnerabilities
  • Integer/Buffer/Heap Overflows
  • Advanced vulnerabilities (UaF, TOCTOU...)
  • CFI Hijacking
  • Emscripten vulnerabilities
  • Exploiting a NodeJS server running a wasm module
  • Vulnerability detection (Static & Dynamic)
  • Lifting Wasm bytecode
  • Fuzzing WebAssembly modules

Day 4 – Vulnerability Research inside WebAssembly VM

  • Web-Browsers vulnerabilities analysis (CVEs PoC)
  • WebAssembly VM & Interpreter vulnerabilities
  • WebAssembly JS APIs generation
  • Fuzzing Web-Browsers (Chrome, Firefox, WebKit)
  • Wasm module validation mechanism
  • Writing edge case modules
  • Wat, Wast & Wasm generation using grammars
  • Interesting VM targets (kernel, blockchain, ...)
  • Fuzzing C/C++/Rust/Go based WebAssembly projects
  • WebAssembly applied to security researcher tooling
  • In-memory fuzzing everything using WebAssembly & Frida

Key Learning Objectives

  • Learn what WebAssembly is and what’s inside a WebAssembly module.
  • Discover the architecture of the WebAssembly virtual machine.
  • Learn how to analyze real-life wasm modules statically and dynamically.
  • Discover how to hack video games running in your browser using WebAssembly.
  • Learn how to find vulnerabilities inside WebAssembly modules and how to exploit them.
  • Study and analyze the module validation mechanism to bypass it.
  • Learn how to apply mutation, grammar and evolutionary fuzzing to WebAssembly VMs.
  • Discover how WebAssembly can help you in your day-to-day security work.

Class requirements

  • Basic reverse engineering skills.
  • Familiarity with scripting languages (Python, Bash).
  • Familiarity with C/C++ or Rust programming.

Hardware & Software Requirements

  • A notebook capable of running virtual machines.
  • Enough hard disk space to run one VM.
  • One VM hypervisor installed (VirtualBox preferred).
  • Administrator / root access required.
  • IDA helpful but not required.

Training by Patrick Ventuzelo

Patrick is a security researcher focused on fuzzing, reverse engineering and vulnerability research targeting WebAssembly and Rust security.

Can't attend? All of our trainings are also available as private classes for your company.

Access all of our classes and professionally edited recordings.
All of our courses are also available as private trainings.
Courses are offered multiple times in different timezones.