📖 Slides and 🎞️ video of my talk given at the Toorcon San Diego 2018 conference about WebAssembly reversing and analysis.
This talk has been given in Nov 2018 at the Toorcon San Diego conference when I was still working for my older employer QuoScient. It's still a good introduction to WebAssembly analysis and a really short overview of my WebAssembly training.
In this talk, I will first introduce WebAssembly concepts and who currently used it in the wild. Secondly, I will show different WebAssembly VM available and explain the security measures implemented into it. Finally, I will show you, throw real life WASM modules, how to do static analysis, using techniques such as reversing, control flow and calls flow analysis, to understand deeper its behaviors. Along the talk, I will used multiple open source tools but mainly the one that I have developed and that is already available on Github (Octopus).
In this talk, I will first introduce WebAssembly concepts and who currently used it in the wild. Secondly, I will show different WebAssembly VM available and explain the security measures implemented into it. Finally, I will show you, throw real life WASM modules, how to do static analysis, using techniques such as reversing, control flow and calls flow analysis, to understand deeper its behaviors. Along the talk, I will used multiple open source tools but mainly the one that I have developed and that is already available on Github (Octopus).
1 video
1 file
Contents
Patrick Ventuzelo
Patrick Ventuzelo is a French Independent Security Researcher specialized in vulnerability research, fuzzing, reverse engineering and program analysis.