Категории

A Journey Into Fuzzing WebAssembly Virtual Machines

Опубликовано: 10 Октябрь 2024
на канале: Black Hat
1,518
28

...During this talk, we will introduce what is WebAssembly, dive deeper into WebAssembly VM architecture, identify the attack surface and explain our fuzzing strategy to target each different VM component, from module parsing to runtime execution engine. Also, since we are not targeting only one implementation, we will maximize our success rate by using different fuzzing frameworks and techniques such as coverage-guided, structural, and differential fuzzing.This journey leads us to the discovery of more than 50 bugs/vulnerabilities across a dozen of C/C++/Rust projects. We will conclude with a global result overview with a focus on some concrete impactful vulnerabilities.

By: Patrick Ventuzelo

Full Abstract and Presentation Materials: https://www.blackhat.com/us-22/briefi...

play_arrow
177,221
1.2 тыс

The Who - Be Lucky (Official Audio)

The Who - Be Lucky (Official Audio)
play_arrow
11,033
222

Кулич из Венского теста - результат получаеться с первого раза. Замес теста

Кулич из Венского теста - результат получаеться с первого раза. Замес теста
play_arrow
51,170
208

All You Need to Know About Pakistan’s HQ-9 Air Defence System

All You Need to Know About Pakistan’s HQ-9 Air Defence System
play_arrow
71
4

Как создать простой сайт/лендинга на Tilda на один экран без опыта и знаний. Часть 2.

Как создать простой сайт/лендинга на Tilda на один экран без опыта и знаний. Часть 2.
play_arrow
63
2

Python Built-In Modules: Math, OS, and Datetime Explained with Code Examples

Python Built-In Modules: Math, OS, and Datetime Explained with Code Examples
play_arrow
26
3

Hand Simulator Episode 1 – The Derp Hands

Hand Simulator Episode 1 – The Derp Hands
play_arrow
17,779
299

Telegram channel link not working problem fix🔥 || How to fix telegram channel link not open error!

Telegram channel link not working problem fix🔥 || How to fix telegram channel link not open error!
play_arrow
1,368
45

Jetta из США за 2 недели?

Jetta из США за 2 недели?
Похожие видео
play_arrow
Keynote - Securing Our Cyberspace Together

Keynote - Securing Our Cyberspace Together
play_arrow
Fireside Chat: Jeff Moss and Ruimin He

Fireside Chat: Jeff Moss and Ruimin He
play_arrow
LinkDoor: A Hidden Attack Surface in the Android Netlink Kernel Modules

LinkDoor: A Hidden Attack Surface in the Android Netlink Kernel Modules
play_arrow
Emerging Frontiers: Insights from the Black Hat Asia Review Board

Emerging Frontiers: Insights from the Black Hat Asia Review Board
play_arrow
What the TrustZone-M Doesn't See, the MCU Does Grieve Over: Lessons Learned

What the TrustZone-M Doesn't See, the MCU Does Grieve Over: Lessons Learned
play_arrow
The Hack@DAC Story: Learnings from Organizing the World's Largest Hardware Hacking Competition

The Hack@DAC Story: Learnings from Organizing the World's Largest Hardware Hacking Competition
play_arrow
Privacy Detective: Sniffing Out Your Data Leaks for Android

Privacy Detective: Sniffing Out Your Data Leaks for Android
play_arrow
Debug7: Leveraging a Firmware Modification Attack for Remote Debugging of Siemens S7 PLCs

Debug7: Leveraging a Firmware Modification Attack for Remote Debugging of Siemens S7 PLCs
play_arrow
The Final Chapter: Unlimited ways to bypass your macOS privacy mechanisms

The Final Chapter: Unlimited ways to bypass your macOS privacy mechanisms
play_arrow
One Flip is All It Takes: Identifying Syscall-Guard Variables for Data-Only Attacks

One Flip is All It Takes: Identifying Syscall-Guard Variables for Data-Only Attacks
play_arrow
Faults in Our Bus: Novel Bus Fault Attack to Break Trusted Execution Environments

Faults in Our Bus: Novel Bus Fault Attack to Break Trusted Execution Environments
play_arrow
You Shall Not PASS - Analysing a NSO iOS Spyware Sample

You Shall Not PASS - Analysing a NSO iOS Spyware Sample