2019/06/17 @ FIRST conference 2019
WebAssembly (WASM) is a new binary format currently developed and supported by all major browsers including Firefox, Chrome, WebKit /Safari and Microsoft Edge through the W3C.
First, I will introduce WebAssembly concepts and how it is currently used. Secondly, I will analyze some Cryptominer module using static and dynamic analysis (reversing, decompilation, DBI, …) applied on WebAssembly. Finally, I will expose some techniques to detect and mitigate them.
Along the talk, I will used multiple open source tools but also Octopus, a Security Analysis tool for WebAssembly module, that I have developed and already available on Github (https://github.com/quoscient/octopus).
- WebAssembly Basics
- Module dissection
- Program analysis
- WebAssembly Cryptominers
- Analysis (Coinhive & Cryptoloot)
- Cryptominers detection