WebAssembly Security Analysis and Fuzzing

WebAssembly Security training wasm patrick ventuzelo

WebAssembly (WASM) is a new binary format currently developed and supported by all major browsers including Firefox, Chrome, WebKit /Safari and Microsoft Edge through the W3C. This new format have been designed to be “Efficient and fast“, “Debuggable“ and “Safe” that why it is often called as the “game changer for the web”.

WebAssembly is used everywhere (not exhaustive):

Web-browsers (Desktop & Mobile)
Cryptojacking (Coinhive, Cryptoloot)
Servers/Website (Nodejs, React, Qt, Electron, Cloudflare workers) 
Video games (Unity, UE4)
Blockchain platforms (EOS, Ethereum, Dfinity)
Linux Kernel (Cervus, Nebulet)
… and more

This course will give you all the prerequisites to understand what is a WebAssembly module and its associated runtime virtual machine. At the end of four intensive days, you will be able to statically and dynamically reverse a WebAssembly module, analyze its behavior, create specific detection rules and search for vulnerabilities & WebAssembly security issues. You will discover which security measures are implemented by the WebAssembly VM to validate and handle exceptions. Finally, you will search for vulnerabilities inside WebAssembly VMs (web browsers, standalone VM) using mutation and generation based fuzzing techniques.

Along this training, students shall be presented with lots of hands-on exercises allowing them to internalize concepts and techniques taught in class.

COURSE OUTLINE

Day 1 - WebAssembly Reversing

  • Introduction to WebAssembly
  • WebAssembly VM architecture
  • WebAssembly toolchain
  • Writing examples in C/C++/Rust/C#
  • Debugging WebAssembly module
  • WASM binary format (header, sections)
  • WebAssembly Text Format (wat/wast)
  • WebAssembly Instructions set
  • Coding with WASM Text format
  • Reversing WebAssembly module
  • CFG & CallGraph reconstruction
  • DataFlowGraph analysis
  • Browser Addons reversing

Day 2 - Real-life Modules Analysis

  • Modules Instructions analytics/metrics
  • WASM cryptominers analysis
  • Pattern detection signatures (YARA)
  • Taint Tracking
  • Dynamic Binary Instrumentation
  • Bytecode (De)-Obfuscation techniques
  • Static Single Assignment & Decompilation
  • Real-life WASM module analysis
  • Hacking WebAssembly video game

Day 3 - Wasm Modules Vulnerabilities

  • Traps & Exception handling
  • WebAssembly module vulnerabilities
  • Integer/Buffer/Heap Overflows
  • Advanced vulnerabilities (UaF, TOCTOU…)
  • CFI Hijacking
  • Emscripten vulnerabilities
  • Exploitation NodeJS server running wasm module
  • Vulnerability detection (Static & Dynamic)
  • Lifting WASM bytecode
  • Fuzzing WebAssembly modules

Day 4 - Vulnerability Research inside Wasm VM

  • Web-Browsers vulnerabilities analysis (CVEs PoC)
  • WebAssembly VM & Interpreter vulnerabilities
  • WebAssembly JS APIs generation
  • Fuzzing Web-Browsers (Chrome, Firefox, WebKit)
  • WASM module validation mechanism
  • Writing edge case module
    WAT, WAST & WASM
  • grammar generation
  • Blockchain VM targets
  • Fuzzing C/C++/Rust/Go WASM project
  • WebAssembly for Security Researcher
  • In-memory fuzzing everything using WebAssembly & Frida

KEY LEARNING OBJECTIVES

CLASS REQUIREMENTS

Prerequisites:

  • Basic reverse engineering skills.
  • Familiarity with scripting (Python, Bash).
  • Familiarity with C/C++ or Rust programming.
  • SKILL LEVEL: BEGINNER / INTERMEDIATE

Laptop Requirements:

  • A working laptop capable of running virtual machines
  • 4GB RAM required, at a minimum
  • 40 GB free Hard disk space
  • VirtualBox
  • Administrator / root access MANDATORY
  • IDA Pro would be helpful but not required

FREE Courses & Training

Enter your email and we'll send you a bundle of awesome resources. 100% free - 100% awesome.

Any questions about our services and trainings ?

Get in touch today with any questions that you might have.