WebAssembly (wasm) is a new binary format developed and supported by all major browsers including Firefox, Chrome, Safari and Microsoft Edge through the W3C. This new format have been designed to be efficient, fast, debuggable and safe.
WebAssembly is being used everywhere, for example:
- Web-browsers (Desktop & Mobile)
- Cryptojacking (Coinhive, Cryptoloot)
- Servers/Website (Nodejs, React, Qt, Electron, Cloudflare workers)
- Video games (Unity, UE4)
- Blockchain platforms (EOS, Ethereum, Dfinity)
- Linux Kernel (Cervus, Nebulet)
- ... and more
This course will give you all the prerequisites to understand what is a WebAssembly module and its associated runtime virtual machine. At the end of four intensive days, you will be able to statically and dynamically reverse a WebAssembly module, analyze its behavior, create specific detection rules and search for vulnerabilities & security issues. You will discover which security measures are implemented by the WebAssembly VM to validate and handle exceptions. Finally, you will search for vulnerabilities inside WebAssembly VMs (web browsers, standalone VM) using mutation and generation based fuzzing techniques.
As part of this training, participants will be provided numerous hands-on exercises allowing them to internalize concepts and techniques taught in class.