Patrick Ventuzelo

Vulnerability research | Fuzzing | Reversing | WebAssembly | Ethereum


Tag: fuzzing

Posted on 2020-02-18

Blogpost: Fuzz testing in WebAssembly VMs


2020/02/18 @ wasmer medium

In the last months I’ve been working on developing fuzzing targets to find bugs and create patches for the Wasmer WebAssembly runtime.

In this post we will learn what fuzzing is, why it is important for WebAssembly runtimes, and what kind of bugs fuzzing helped to detect.


link / pdf

Posted on 2020-02-03, updated 2023-02-15

Blogpost: Fuzzing npm/nodejs WebAssembly parsing library with jsfuzz


2020/01/30 @ webassembly-security.com

In this short blogpost, I will first introduce jsfuzz, a coverage-guided fuzzer for JavaScript/Node.js packages. Then, I’ll discuss the wasm binary parsing library I decided to target. Finally, I’ll explain how to create a jsfuzz target script and show the OOM/DoS crash I found.


link / pdf

Posted on 2020-01-29, updated 2023-02-15

Blogpost: Fuzzing JavaScript WebAssembly APIs using Dharma/Domato (Chrome/v8)


2020/01/09 @ webassembly-security.com

In this blogpost, I will first detail the WebAssembly JavaScript APIs supported by major browsers. Then, I’ll explain how to use Dharma to generate valid JavaScript files to fuzz WebAssembly APIs. Finally, I’ll show an easy way to execute those generated testcases over an ASAN build of Chrome/V8.


link, pdf

Copyright © 2018 – Patrick Ventuzelo
