Embark on a comprehensive exploration of WebAssembly Virtual Machine fuzzing in this 38-minute Black Hat conference talk. Gain a thorough understanding of WebAssembly fundamentals before delving into the intricacies of VM architecture. Discover various attack surfaces and learn effective fuzzing strategies for targeting different VM components, from module parsing to runtime execution engines. Explore diverse fuzzing frameworks and techniques, including coverage-guided, structural, and differential fuzzing, to maximize success rates across multiple implementations. Examine the journey that led to the discovery of over 50 bugs and vulnerabilities in numerous C/C++/Rust projects. Conclude with a comprehensive overview of results, focusing on impactful vulnerabilities uncovered during this extensive research.
Overview
Syllabus
A Journey Into Fuzzing WebAssembly Virtual Machines
Taught by
Black Hat