  • Free

Introduction to WebAssembly Security

  • Course
  • 7 Lessons

Learn more about WebAssembly internals and security.

What will you learn?

This FREE course is an introduction to WebAssembly Security.

More videos will come in the future, so don't forget to accept email communications to be notified when new videos arrive. If you want to make any proposal, please contact me using the website chatbox or by mail at fuzzinglabs@gmail.com.

Dissection of WebAssembly module

This talk was given in Nov 2018 at the ToorCon San Diego conference, when I was still working for my previous employer. It's still a good introduction to WebAssembly analysis and a really short overview of my WebAssembly training.

In this talk, I will first introduce WebAssembly concepts and who currently uses it in the wild. Secondly, I will show the different WebAssembly VMs available and explain the security measures implemented in them. Finally, I will show you, through real-life WASM modules, how to do static analysis, using techniques such as reversing, control flow and call flow analysis, to understand their behavior more deeply. Throughout the talk, I will use multiple open source tools, but mainly the one that I have developed and that is already available on GitHub (Octopus).

Analyze & Detect WebAssembly Cryptominer

This talk was given in June 2019 at the FIRST conference, when I was still working for my previous employer. It's still a good introduction to WebAssembly cryptominer analysis and represents a short overview of my WebAssembly training.

First, I will introduce WebAssembly concepts and how it is currently used. Secondly, I will analyze some cryptominer modules using static and dynamic analysis (reversing, decompilation, DBI, ...) applied to WebAssembly. Finally, I will present some techniques to detect and mitigate them.
Throughout the talk, I will use multiple open source tools, but also Octopus, a security analysis tool for WebAssembly modules that I have developed and that is already available on GitHub (https://github.com/pventuzelo/octopus).

Top 7 Books to learn WebAssembly & wasm security in 2022

In this video, I'm sharing with you my favorite books to learn WebAssembly, whether you're a beginner or an advanced/experienced user! Some of those resources are fully available online for free and are real game-changers in your journey to learn more about wasm modules and runtimes!

A Journey into Fuzzing WebAssembly Virtual Machine [BHUSA 2022]

During this talk, we will introduce what WebAssembly is, dive deeper into WebAssembly VM architecture, identify the attack surface and explain our fuzzing strategy to target each different VM component, from module parsing to the runtime execution engine. Also, since we are not targeting only one implementation, we will maximize our success rate by using different fuzzing frameworks and techniques such as coverage-guided, structural, and differential fuzzing.

What's included?

Dissection of WebAssembly module

Video
Toorcon20_2018_Dissection_WebAssembly_module_full.pdf
  • 6.33 MB

Analyze & Detect WebAssembly Cryptominer

Video
  • 54 mins
  • 164 MB
FIRST2019_wasm_cryptominer_full.pdf
  • 5.76 MB

Top 7 Books to learn WebAssembly & wasm security in 2022

Video

A Journey into Fuzzing WebAssembly Virtual Machine [BHUSA 2022]

Video
BHUSA22_fuzzing_webassembly_vm_patrick_ventuzelo.pdf
  • 5.69 MB

  • $2,400

WebAssembly Reversing and Dynamic Analysis

  • Bundle
  • 3 Products

Learn how to reverse engineer WebAssembly modules, handle bytecode obfuscation and perform in-depth dynamic analysis. 🎞️ 69 videos / ⏱️ 8.5 hours / 👨‍💻 25+ exercises

Meet Your Instructor

Hey! 👋 My name is Patrick and I'm the founder of FuzzingLabs, a research-oriented security company specializing in fuzzing, vulnerability research, and reverse engineering.

Over time, we found hundreds of bugs and presented our work at various security conferences around the globe, including BlackHat USA, OffensiveCon, REcon, Devcon, EthCC, RingZer0, ToorCon, hack.lu, NorthSec, Microsoft DCC, etc.
