WebAssembly Module Advanced Analysis

Learn how to analyze advanced wasm modules such as cryptominers, video games and obfuscated modules.
 🎞️ 33 videos / ⏱️ 4 hours / 📖 160 slides

What you'll learn

This second day focuses more on real-world module analysis using both static and dynamic techniques. You will analyze famous WebAssembly cryptominers and discover how to perform dynamic binary instrumentation of wasm modules. Then, you will learn which anti-debugging and obfuscation techniques exist for WebAssembly and how to bypass them. Finally, you will hack some video games compiled to WebAssembly and create cheats.

Assignment #1 - Real-World: Cryptominers analysis
  • Analyze instruction analytics/metrics to find interesting functions.
  • Compare the call graphs of different miners to find similarities.
  • Create YARA detection rules specific to WebAssembly cryptominers.
Assignment #2 - Tracing and Dynamic Binary instrumentation
  • Trace module execution dynamically.
  • Modify a wasm module to hook functions and instructions.
  • Create a DBI analysis script to solve challenges.
Assignment #3 - Anti-debugging and (De)-Obfuscation
  • Learn how to detect a debugger using JavaScript and WebAssembly.
  • Implement some obfuscation techniques in a wasm module.
  • Decompile and automatically remove obfuscation inside wasm code.
Assignment #4 - Real-World: Hacking WebAssembly games
  • Discover how advanced modules like video games work.
  • Explore running memory and find interesting values.
  • Create cheating patches for different targets.

  • $2,400

WebAssembly Reversing and Dynamic Analysis

Learn how to reverse engineer WebAssembly modules, handle bytecode obfuscation and perform in-depth dynamic analysis.

What's included?

Welcome & Summary

Quick welcome and presentation of the summary of this course.
Welcome & Overview
Summary

Materials

Day2_WebAssembly_Advanced_WebAssembly_Modules_Analysis.pdf
wasm_reversing_day2.zip

Cryptominers Analysis and Detection

1.0 - Instruction Analytics & Metrics
1.1 - WebAssembly Cryptominers
1.2 - Exercise #1 (Coinhive analysis)
1.3 - Exercise #1 - Solution
1.4 - Exercise #2 (Cryptoloot analysis)
1.5 - Exercise #2 - Solution
1.6 - Cryptominer Detection Techniques
1.7 - Exercise #3 (YARA rules)
1.8 - Exercise #3 - Solution

Dynamic Module Analysis

2.0 - Dynamic Binary Instrumentation
2.1 - Dynamic Binary Instrumentation - Labs
2.2 - CTF challenge #1
2.3 - CTF challenge #1 - Solution
2.4 - Reversing DBI hooks
2.5 - Tracing WebAssembly Execution
2.6 - Tracing WebAssembly Execution - Labs

Anti-Debugging & (De)Obfuscation Techniques

3.0 - Anti-debugging Techniques
3.1 - Bytecode Obfuscation
3.2 - Bytecode Obfuscation - Labs
3.3 - Bytecode De-Obfuscation
3.4 - Bytecode De-Obfuscation - Labs
3.5 - Real-life Module Analysis - Example

Advanced Analysis Techniques

4.0 - Static Single Assignment
4.1 - Decompilation
4.2 - CTF challenge #2
4.3 - CTF challenge #2 - Solution
4.4 - Symbolic Execution

Hacking WebAssembly Video Games

5.0 - Hacking WebAssembly Games
5.1 - Exercise #1
5.2 - Exercise #2
5.3 - Exercise #3

Conclusion / Thank You

Closing remarks
Provide Quick Feedback Here

Meet Your Instructor

Hey! 👋 My name is Patrick and I'm the founder of FuzzingLabs, a research-oriented security company specializing in fuzzing, vulnerability research, and reverse engineering.

Over time, we found hundreds of bugs and presented our work at various security conferences around the globe, including BlackHat USA, OffensiveCon, REcon, Devcon, EthCC, RingZer0, ToorCon, hack.lu, NorthSec, Microsoft DCC, etc.
