Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Computing
Conference & Expo
November 2-4, 2009 NYC
Register Today and SAVE !..
SYS-CON.TV
Today's Top SOA Links


Three Day WebAssembly Security Course: From Reversing to Vulnerability Research (Abu Dhabi, United Arab Emirates - October 13-15, 2019) - ResearchAndMarkets.com

The "WebAssembly Security from Reversing to Vulnerability Research" conference has been added to ResearchAndMarkets.com's offering

WebAssembly (WASM) is a new binary format currently developed and supported by all major browsers including Firefox, Chrome, WebKit /Safari and Microsoft Edge through the W3C. This new format has been designed to be "Efficient and fast", "Debuggable" and "Safe" that is why it is often called as the "game changer for the web" but it is not used ONLY for the web.

WebAssembly started actually to be used everywhere (not exhaustive):

  • Web-browsers (Desktop & Mobile)
  • Cryptojacking (Coinhive, Cryptoloot)
  • Servers/Website (Nodejs, React, Qt, Electron, Cloudflare workers)
  • Video games (Unity, UE4)
  • Blockchain platforms (EOS, Ethereum, Dfinity)
  • Linux Kernel (Cervus, Nebulet) Etc.

This courses will give you all the prerequisites to understand what's a WebAssembly module and its runtime virtual machine. At the end of the 3 days, you will be able to reverse statically and dynamically a WebAssembly module, analyze its behavior, create detection rule and search for vulnerability insides.

You will learn which security measures are implemented by the WebAssembly VM to validate and handle exceptions. Finally, you will discover how to find vulnerabilities inside WebAssembly VMs (Web-browsers, Standalone VM) using different fuzzing techniques.

Along this training, students will deal with a lot of hands-on exercises and real-life module allowing them to internalize concepts and techniques taught in class.

INTENDED AUDIENCE

This class is intended for everyone who wants to understand deeper how WebAssembly works such as:

  • (Web) Pentester.
  • Vulnerability researchers.
  • Malware analysts.
  • Blockchain smart contract auditors.
  • Developers etc
CLASS REQUIREMENTS

Prerequisites

  • Familiarity with scripting languages (Python, Bash).
  • Familiarity with C/C++ or Rust programming.
  • SKILL LEVEL: BEGINNER/INTERMEDIATE

Hardware

  • A notebook capable of running virtual machines.
  • Enough hard disk space to run one VM

Minimum Software to Install

  • Virtual machine (VirtualBox preferred)
  • Administrator / root access required.
  • IDA helpful, but not required.

Agenda:

Day 1 - WebAssembly Reversing

  • Introduction to WebAssembly
  • WebAssembly VM architecture & toolchain
  • Writing examples in C/C++/Rust
  • WASM binary format (header, sections, ...)
  • WASM Text Format (wat/wast)
  • Reversing WebAssembly module
  • CFG & CallGraph reconstruction
  • DataFlowGraph analysis
  • WebAssembly Cryptominers analysis
  • WASM pattern detection signatures (YARA rules, ...)

Day 2 - Dynamic analysis

  • Debugging WebAssembly module
  • Taint Tracking & Dynamic Binary Instrumentation (DBI)
  • Bytecode (De)-Obfuscation techniques
  • Decompilation & Static Single Assignment (SSA)
  • Real-life WASM module analysis
  • Traps & Exception handling
  • WASM module validation mechanism
  • Lifting WASM bytecode

Day 3 - Vulnerability Research (Module & VM)

  • Basic WebAssembly module vulnerabilities (Integer/Buffer/Heap Overflows)
  • Advanced vulnerabilities (UaF, TOCTOU, CFI Hijacking, ...)
  • Emscripten vulnerabilities & NodeJS server exploitation
  • Fuzzing WebAssembly modules
  • Web-Browsers vulnerabilities analysis (CVEs PoC)
  • Fuzzing Web-Browsers (Chrome, Firefox, WebKit)
  • WAT, WAST & WASM grammar generation
  • Fuzzing C/C++/Rust/Go based WASM projects

For more information about this conference visit https://www.researchandmarkets.com/r/m2m97j

About Business Wire
Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021

SYS-CON Featured Whitepapers
ADS BY GOOGLE