UNLOCK WEBASSEMBLY: SECURITY ANALYSIS & REVERSING EXPERTISE
Delve deep into WebAssembly's internal, mastering bytecode analysis and advanced reversing techniques.
This courses will give you all the prerequisites to understand what’s a WebAssembly module and its associated virtual machine. At the end of this intensive 4 days, you will be able to reverse statically and dynamically a WebAssembly module, analyze its behavior, create detection rule and search for vulnerabilities and security issues. You will learn which security measures are implemented by the WebAssembly VM to validate and handle exceptions. Finally, you will discover how to find vulnerabilities inside WebAssembly VMs (Web-browsers, Standalone VM) using differents fuzzing techniques.
Along this training, students will deal with a lots of hands-on exercises allowing them to internalize concepts and techniques taught in class.
COURSE SYLLABUS
Module 1 - WebAssembly Reverse Engineering
- Introduction to WebAssembly ecosystem
- WebAssembly compilation and toolchain
- Instructions set and Debugging WebAssembly module
- WebAssembly binary and Text Format
- WebAssembly Module reversing
- CFG & Call Graph reconstruction
- Data Flow Graph analysis
Module 2 - Advanced WebAssembly Modules Analysis
- Modules Instructions analytics/metrics
- Cryptominers analysis and Pattern detection signatures
- Dynamic Binary Instrumentation (DBI)
- Bytecode (De)-Obfuscation techniques
- Static Single Assignment (SSA) & Decompilation
- Hacking WebAssembly video game
COURSE OBJECTIVES
Learning objectives
Prerequisites
Who should attend?
- Learn what is WebAssembly and what’s inside a WebAssembly module.
- Discover the architecture of the WebAssembly virtual machine.
- Learn how to analyze statically and dynamically real-life wasm modules.
- Discover how to hack video games running on your browsers using WebAssembly.
- Basic reverse engineering skills.
- Familiarity with scripting (Python, Bash).
- SKILL LEVEL: BEGINNER / INTERMEDIATE
- A working laptop capable of running virtual machines
- 4GB RAM required, at a minimum
- 40 GB free Hard disk space
- VirtualBox
- Administrator / root access MANDATORY
- IDA Pro would be helpful but not required
This course is suitable for people that are new to WebAssembly. All the theory and concepts about WebAssembly reversing will be explained during the course.
- Software developers
- Security engineers
- Vulnerability researchers
- Bug bounty hunters
- Pentesters & Red team professionals
- Anyone who want to learn more about C/C++ fuzzing
Testimonials
"Learned so much about modern WebAssembly security. The lecture and exercise learning format is excellent! It's very worth it and I highly recommend Patrick's course!"
Zion.P
Security engineer
"Great training, covering a lot of information from beginner level and then building up slowly up to advanced stuff."
Adrian.T
Vulnerability researcher
"Learned a lot from the training. If you interested in auditing wasm modules, this is the course for you!"
Anonymous
Pentester
"A very well designed training with tons to learn. Most importantly the guidance and workflow from Patrick makes this training a must have when entering the Wasm space."
Georgios.D
Software engineer