2019-10-22, 10:30–12:00, Fischbach
WebAssembly (WASM) is a new binary format currently supported by all major web-browsers (Firefox, Chrome, Safari and Edge). WebAssembly module are most commonly compiled from C/C++/Rust source code, loaded and executed inside JS scripts. It is known for being used for malicious purposes like cryptojacking but you will legitimately found usage of WebAssembly inside web-browsers addons, nodejs module or even blockchain smart contracts.
In this workshop, I will first introduce WebAssembly concepts and why it’s consider as a “game changer for the web”. Secondly, I will expose how to analyze a WebAssembly module using different techniques (static & dynamic) as well as some open-source tools that make you the life easier (Octopus, Wasabi, ...). Finally, we will hands-on with simple examples/crackmes and finally go throws the analysis of cryptominers.
The following point will be discussed in this workshop.
- WebAssembly Basics
- WebAssembly Runtime VM
- Module dissection
- Reversing wasm module
- Dynamic analysis
Patrick Ventuzelo is a french security researcher specializing in Vulnerability research, Reverse engineering, Security tool development, and Program analysis. Patrick is the author of Octopus, one of the first Open-source security analysis tool that support WebAssembly and multiple Blockchain Smart Contract to help researchers perform Analysis on closed-source bytecode.
Previously, Patrick was working for Quoscient GmbH, P1 Security, the French Department Of Defense and Airbus D&S Cybersecurity.
Patrick has been Speaker and Trainer at various international security conferences (FIRST, Northsec, BlackAlps, hack.lu, Toorcon, REcon Montreal/Brussels, SSTIC)