[WASM] Dissection of WebAssembly module by Patrick Ventuzelo

[WASM] Dissection of WebAssembly module

📖 Slides and 🎞️ video of my talk given at the Toorcon San Diego 2018 conference about WebAssembly reversing and analysis.
This talk has been given in Nov 2018 at the Toorcon San Diego conference when I was still working for my older employer QuoScient. It's still a good introduction to WebAssembly analysis and a really short overview of my WebAssembly training.

In this talk, I will first introduce WebAssembly concepts and who currently used it in the wild. Secondly, I will show different WebAssembly VM available and explain the security measures implemented into it. Finally, I will show you, throw real life WASM modules, how to do static analysis, using techniques such as reversing, control flow and calls flow analysis, to understand deeper its behaviors. Along the talk, I will used multiple open source tools but mainly the one that I have developed and that is already available on Github (Octopus).

Contents

Toorcon20_2018_Dissection_WebAssembly_module_full.pdf
6.33 MB
ToorCon XX — DISSECTION OF WEBASSEMBLY MODULE - Patrick Ventuzelo.mp4
54 mins

Patrick Ventuzelo

Patrick Ventuzelo is a French Independent Security Researcher specialized in vulnerability research, fuzzing, reverse engineering and program analysis. 

Patrick found hundreds of bugs using fuzzing and developed both open-source security tools Octopus and WARF.

Patrick is a regular speaker and trainer at various security conferences around the globe, including REcon, RingZer0, ToorCon, hack.lu, NorthSec, SSTIC, FIRST, Microsoft DCC, BlackAlps, etc.