Explore the current landscape and future implications of malicious WebAssembly in this 31-minute conference talk. Delve into the evolution of WebAssembly since its introduction in March 2017, examining its performance benefits and various ports. Gain insights into attacker models, prevalence, and usage patterns through comprehensive crawling and cluster analysis. Investigate custom implementations, libraries, and test cases, with a focus on gaming applications. Learn about cryptojacking and mining techniques, as well as obfuscation methods employed by malicious actors. Conclude with a discussion on potential future developments and their impact on web security.
The Now and the Future of Malicious WebAssembly
Overview
Syllabus
Intro
The native Web
WebAssembly (Wasm) Introduced March 2017
Wasm performance
Wasm ports
Using Wasm modules
Attacker models
Crawling
Prevalence
Extent of usage
Cluster analysis
Custom, Library and Test
Games
Primer on mining
Cryptojacking/ Mining
Obfuscation
Possible progress
Conclusion
Taught by
OWASP Foundation
