Embark on a comprehensive exploration of WebAssembly Virtual Machine fuzzing in this 38-minute Black Hat conference talk. Gain a thorough understanding of WebAssembly fundamentals before delving into the intricacies of VM architecture. Discover various attack surfaces and learn effective fuzzing strategies for targeting different VM components, from module parsing to runtime execution engines. Explore diverse fuzzing frameworks and techniques, including coverage-guided, structural, and differential fuzzing, to maximize success rates across multiple implementations. Examine the journey that led to the discovery of over 50 bugs and vulnerabilities in numerous C/C++/Rust projects. Conclude with a comprehensive overview of results, focusing on impactful vulnerabilities uncovered during this extensive research.
A Journey Into Fuzzing WebAssembly Virtual Machines
Overview
Syllabus
A Journey Into Fuzzing WebAssembly Virtual Machines
Taught by
Black Hat
Related Courses
-
Fuzzing and Exploiting Virtual Channels in Microsoft Remote Desktop Protocol for Fun and Profit
-
Optimized Fuzzing IOKit in iOS
-
HAFL1 - Our Journey of Fuzzing Hyper-V and Discovering a 0-Day
-
The Problems and Promise of WebAssembly
-
ClusterFuzz - Fuzzing at Google Scale
-
Is WebAssembly Really Safe? - Wasm VM Escape and RCE Vulnerabilities Have Been Found in New Way
