Web Assembly for Hackers

Transcript

1. A Hacker’s Introduction to Web Assembly A brief overview of

   Web Assembly and its impact on security.

2. Ayush Priya @ayushpriya10 https://ayushpriya.com

3. Overview • Why this session? • What is WASM and

   why it exists? • Can python run on browsers? • Similar Attempts • WASM vs. JS • Is WASM secure? • WASM for exploitation • Exploiting WASM

4. Why this session? To answer: • What is Web Assembly?

   • Why should you care? • Is Web Assembly secure? • How to use Web Assembly for exploitation? • How to exploit Web Assembly?

5. What is Web Assembly? • Low-Level Binary • (Almost) Independent

   of JavaScript • Liberty

6. Why does WASM exist?

7. Why does WASM exist? • Performance Upgrade ◦ Load Time

   ◦ Run-time • Reusability • Portability

8. Who can use WASM?

9. Almost anyone.

10. Ever ran on a browser?

11. Is WASM the first of its kind?

12. None

13. Warning: Don’t think Sodium Chloride

14. Is WASM the first of its kind? • Native Client

    (NaCl) • Portable Native Client (PNaCl) • asm.js

15. But does anyone actually uses WASM?

16. Yes!!

17. Is this the end of JS? JavaScript

18. (Sadly) No. JavaScript Developers

19. WASM vs. JS • Different goals ◦ WASM ▪ Performance

    ▪ Portability ◦ JS ▪ Make people cry

20. But why should I care?

21. But why should I care? • Wide-spread support • New

    vulnerabilities • New ways to hack

22. Is WASM secure?

23. It is.. And it isn’t.. Security WASM

24. Is WASM secure? • Control Flow Integrity • Signature Checks

    • Data Execution Prevention Security Web Assembly

25. WASM for Exploitation

26. WASM for Exploitation • Crypto-mining • Control Takeover • Obfuscated

    Payload

27. How do I exploit WASM?

28. Probably, the only thing you all were waiting for..

29. Unfortunately, you’ll have to wait a bit more..

30. How to write Web Assembly? • Write C/C++ Code •

    Compile to target • Load with JS

31. How do I exploit WASM? (Pt. 2)

32. How do I exploit Web Assembly? • Formatted Strings •

    Buffer Overflows • Indirect Function Calls • Type Confusion Is this hacking?

33. Conclusions • What is Web Assembly? ◦ Low-Level Portable Binary

    • Why should you care? ◦ Upcoming technology

34. Conclusions • Is Web Assembly secure? ◦ From primitive cases

    • How to use Web Assembly for exploitation? ◦ Control Take-over, Obfuscation • How to exploit Web Assembly? ◦ BoF, Format Strings, Indirect Function Calls, etc.

35. Congrats. You’re a

36. Questions?