Slide 1

A Hacker’s Introduction to Web Assembly
A brief overview of Web Assembly and its impact on security.

Slide 2

Ayush Priya @ayushpriya10 https://ayushpriya.com

Slide 3

Overview
● Why this session?
● What is WASM and why does it exist?
● Can Python run in browsers?
● Similar Attempts
● WASM vs. JS
● Is WASM secure?
● WASM for exploitation
● Exploiting WASM

Slide 4

Why this session? To answer:
● What is Web Assembly?
● Why should you care?
● Is Web Assembly secure?
● How to use Web Assembly for exploitation?
● How to exploit Web Assembly?

Slide 5

What is Web Assembly?
● Low-Level Binary
● (Almost) Independent of JavaScript
● Liberty

Slide 6

Why does WASM exist?

Slide 7

Why does WASM exist?
● Performance Upgrade
  ○ Load Time
  ○ Run-time
● Reusability
● Portability

Slide 8

Who can use WASM?

Slide 9

Almost anyone.

Slide 10

Ever ran on a browser?

Slide 11

Is WASM the first of its kind?

Slide 13

Warning: Don’t think Sodium Chloride

Slide 14

Is WASM the first of its kind?
● Native Client (NaCl)
● Portable Native Client (PNaCl)
● asm.js

Slide 15

But does anyone actually use WASM?

Slide 16

Yes!!

Slide 17

Is this the end of JS? JavaScript

Slide 18

(Sadly) No. JavaScript Developers

Slide 19

WASM vs. JS
● Different goals
  ○ WASM
    ■ Performance
    ■ Portability
  ○ JS
    ■ Make people cry

Slide 20

But why should I care?

Slide 21

But why should I care?
● Wide-spread support
● New vulnerabilities
● New ways to hack

Slide 22

Is WASM secure?

Slide 23

It is.. And it isn’t.. Security WASM

Slide 24

Is WASM secure?
● Control Flow Integrity
● Signature Checks
● Data Execution Prevention
Security Web Assembly

Slide 25

WASM for Exploitation

Slide 26

WASM for Exploitation
● Crypto-mining
● Control Takeover
● Obfuscated Payload

Slide 27

How do I exploit WASM?

Slide 28

Probably, the only thing you all were waiting for..

Slide 29

Unfortunately, you’ll have to wait a bit more..

Slide 30

How to write Web Assembly?
● Write C/C++ Code
● Compile to target
● Load with JS

Slide 31

How do I exploit WASM? (Pt. 2)

Slide 32

How do I exploit Web Assembly?
● Formatted Strings
● Buffer Overflows
● Indirect Function Calls
● Type Confusion
Is this hacking?

Slide 33

Conclusions
● What is Web Assembly?
  ○ Low-Level Portable Binary
● Why should you care?
  ○ Upcoming technology

Slide 34

Conclusions
● Is Web Assembly secure?
  ○ From primitive cases
● How to use Web Assembly for exploitation?
  ○ Control Take-over, Obfuscation
● How to exploit Web Assembly?
  ○ BoF, Format Strings, Indirect Function Calls, etc.

Slide 35

Congrats. You’re a

Slide 36

Questions?