Fuzzing blogpost focused on fuzzing, vulnerability research, WebAssembly and Rustlang | Fuzzing Labs.
Fuzzing Python code using pythonfuzz in less than 5 min In this course, I will first select a popular Python package and find some code source example using interesting methods to fuzz. Then, I’ll explains how to create a python fuzzing target and how to customize it. Finally, I’ll show how to run the fuzzer and explain some particularity of pythonfuzz. You will get…
Fuzzing Rust library using cargo fuzz / libfuzzerin less than 5 min I recently released my Rust security Audit and Fuzzing online course and a lot of people asked me to also create a short tutorial about rust fuzzing using cargo fuzz. In this course, I will first select a popular Rust library and identify the most interesting…
Reversing Ewasm smart contracts 101 – EthCC 2020 I just gave a talk/workshop today (03/2020) at EthCC 2020 (Paris – France), about reversing Ewasm (Ethereum flavored WebAssembly) smart contract. In this talk, I briefly introduce WebAssembly concepts , Ewasm ethereum specificity and opcodes/instructions. Secondly, I show how to create Ewasm smart contracts and expose different techniques/tools…
Fuzzing javascript nodejs/npm WebAssembly parsing library with jsfuzz I asked recently on twitter what should be my next blogpost subject and voters choose this one, so here it is. In this short blogpost, I will first introduce jsfuzz, a coverage-guided javascript fuzzer for nodejs/npm packages. Then, I’ll discuss about the wasm binary parsing library I…
Fuzzing JavaScript WebAssembly APIs using Dharma/Domato (V8 engine) First of all, Happy new hacking year everyone 😉 I got asked multiple time if fuzzing WebAssembly APIs of Javascript engines is complicated, so here is a short tutorial using Dharma (but you can use Domato if you prefer). In this blogpost, I will first detailed which WebAssembly…
How to create polyglot HTML/JS/WebAssembly module Just a bit of context first, so last month I was at the hack.lu conference to give a workshop about “Reversing WebAssembly module 101” and spend some amazing time with friends. Workshop goes well, attendees were really interested and even better I received the award of the best talk/workshop…
Analysis of Google Keep WebAssembly module Last month, i was at REcon Montreal to give my training about WebAssembly Security and after some discussion people always ask me this question: Is WebAssembly already used in the wild? The answer is of course YES and some WebAssembly modules are potentially running right now in your browser…
