This talk has been given in June 2019 at the FIRST conference when I was still working for my older employer QuoScient. It's still a good introduction to WebAssembly cryptominer analysis and represent a short overview of my WebAssembly training.
First, I will introduce WebAssembly concepts and how it is currently used. Secondly, I will analyze some Cryptominer module using static and dynamic analysis (reversing, decompilation, DBI, ...) applied on WebAssembly. Finally, I will expose some techniques to detect and mitigate them.
Along the talk, I will used multiple open source tools but also Octopus, a Security Analysis tool for WebAssembly module, that I have developed and already available on Github (https://github.com/pventuzelo/octopus