SLIDES: Analyze & Detect WebAssembly Cryptominer by Patrick Ventuzelo

Slides of my talk given at the FIRST 2019 conference about WebAssembly cryptominer analysis and detection.
This talk was given in June 2019 at the FIRST conference, when I was still working for my former employer QuoScient. It's still a good introduction to WebAssembly cryptominer analysis and represents a short overview of my WebAssembly training.

First, I will introduce WebAssembly concepts and how it is currently used. Secondly, I will analyze some cryptominer modules using static and dynamic analysis (reversing, decompilation, DBI, ...) applied to WebAssembly. Finally, I will present some techniques to detect and mitigate them.
Throughout the talk, I will use multiple open source tools as well as Octopus, a security analysis tool for WebAssembly modules that I have developed and that is already available on GitHub (https://github.com/pventuzelo/octopus).

What's included?

FIRST2019_wasm_cryptominer_full.pdf
5.76 MB

Patrick Ventuzelo

Patrick Ventuzelo is a French independent security researcher specializing in vulnerability research, fuzzing, reverse engineering and program analysis.

Patrick found hundreds of bugs using fuzzing and developed the open-source security tools Octopus and WARF.

Patrick is a regular speaker and trainer at various security conferences around the globe, including RingZer0, REcon Montreal, ToorCon, hack.lu, NorthSec, REcon Brussels, SSTIC, FIRST, Microsoft DCC, BlackAlps, etc.