WebAssembly (WASM) is a new binary format currently developed and supported by all major browsers, including Firefox, Chrome, WebKit/Safari and Microsoft Edge, through the W3C. This new format has been designed to be “Efficient and fast”, “Debuggable” and “Safe”, which is why it is often called the “game changer for the web”.
WebAssembly is used everywhere (not exhaustive):
Web-browsers (Desktop & Mobile)
Cryptojacking (Coinhive, Cryptoloot)
Servers/Websites (Node.js, React, Qt, Electron, Cloudflare Workers)
Video games (Unity, UE4)
Blockchain platforms (EOS, Ethereum, Dfinity)
Linux Kernel (Cervus, Nebulet)
… and more
This course will give you all the prerequisites to understand what a WebAssembly module and its associated runtime virtual machine are. At the end of four intensive days, you will be able to statically and dynamically reverse a WebAssembly module, analyze its behavior, create specific detection rules and search for vulnerabilities and WebAssembly security issues. You will discover which security measures the WebAssembly VM implements to validate modules and handle exceptions. Finally, you will search for vulnerabilities inside WebAssembly VMs (web browsers, standalone VMs) using mutation-based and generation-based fuzzing techniques.
Throughout this training, students will be given many hands-on exercises that allow them to internalize the concepts and techniques taught in class.