Reversing WebAssembly Module 101

Back to the list of Speakers and Sessions
WebAssembly (WASM) is a new binary format supported by all the major web-browsers. In this workshop, attendees will learn how to reverse WebAssembly modules (crackmes, cryptominers, browser addons)

WebAssembly (WASM) is a new binary format currently supported by all major browsers (Firefox, Chrome, WebKit /Safari and Microsoft Edge) and executed inside JS scripts. It is already used for malicious purposes like Cryptojacking and can be found inside some web-browsers addons.

In this workshop, I will first introduce WebAssembly concepts and why it’s consider as a “game changer for the web”. Secondly, I will expose different techniques (Static/Dynamic analysis) and tools (Octopus, Wasabi, ...) to perform a WebAssembly module analysis. Finally, we will hands-on with basic examples (crackmes) and go throws some real-life cryptominer and web-browsers plugins using WebAssembly module. Along the talk, I will only used open source tools.

Participants should bring:

Laptop with admin rights (for installing the tools)

Participants must know or have:

Python: notionReversing: notion