WebAssembly Security
“From Reversing to Vulnerability Research”

WebAssembly (WASM) is a new binary format currently developed and supported by all major browsers including Firefox, Chrome, WebKit /Safari and Microsoft Edge through the W3C. This new format have been designed to be “Efficient and fast“, “Debuggable“ and “Safe” that why it is often called as the “game changer for the web”.

WebAssembly start to be used everywhere (not exhaustive):

  • Web-browsers (Desktop & Mobile)
  • For Cryptojacking (Coinhive, Cryptoloot, …)
  • Nodejs servers
  • Cloudflare workers
  • Video games (Unity, UE4)
  • Blockchain platforms (EOS/ETH)
  • Linux Kernel (Cervus, Nebulet)

This courses will give you all the prerequisites to understand WebAssembly module and it’s virtual machine model. At the end of this intensive 4 days, you will learn which security measures are implemented by WebAssembly VM to validate and handle exceptions. You will be able to reverse statically and dynamically a WebAssembly module, analyze its behavior, create detection rule and search for vulnerability insides. Finally, you will discover how to do vulnerability research and fuzzing on those VM.

Along this training, students will deal with a lots of hands-on exercises allowing them to internalize concepts and techniques taught in class. Hope you will like it !!