Reversing WebAssembly Module 101

WebAssembly (WASM) is a new binary format supported by all the major web-browsers. In this workshop, attendees will learn how to reverse WebAssembly modules (crackmes, cryptominers, browser addons)

WebAssembly (WASM) is a new binary format currently supported by all major browsers (Firefox, Chrome, WebKit /Safari and Microsoft Edge) and executed inside JS scripts. It is already used for malicious purposes like Cryptojacking and can be found inside some web-browsers addons.

In this workshop, I will first introduce WebAssembly concepts and why it’s consider as a “game changer for the web”. Secondly, I will expose different techniques (Static/Dynamic analysis) and tools (Octopus, Wasabi, ...) to perform a WebAssembly module analysis. Finally, we will hands-on with basic examples (crackmes) and go throws some real-life cryptominer and web-browsers plugins using WebAssembly module. Along the talk, I will only used open source tools.

Participants should bring:

Laptop with admin rights (for installing the tools)

Participants must know or have:

Python: notion Reversing: notion


Patrick Ventuzelo ,

Patrick Ventuzelo is a French security researcher specializing in Vulnerability research, Reverse engineering, Security tool development, and Program analysis. Patrick is the author of Octopus, the first Open-source security analysis tool that support WebAssembly and multiple Blockchain Smart Contract to help researchers perform Analysis on closed-source bytecode.

Currently, Patrick is mainly focus on developing automatic Binary Analysis and Transaction Tracking technique for Quoscient GmbH. Previously, he worked for P1 Security, the French Department Of Defense and Airbus D&S Cybersecurity.

Patrick has been Speaker and Trainer at various international security conferences (BlackAlps, hack.lu, Toorcon, REcon Montreal/Brussels, SSTIC)