BLEEDINGBIT - Your APs Belong to Us

BLEEDINGBIT - Your APs Belong to Us

Black Hat via YouTube Direct link

BLE Attack surface

5 of 33

5 of 33

BLE Attack surface

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

BLEEDINGBIT - Your APs Belong to Us

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Agenda
  3. 3 Why Bluetooth Low Energy?
  4. 4 Why do APs support BLE?
  5. 5 BLE Attack surface
  6. 6 OTA solutions over BLE
  7. 7 BLE in Aruba Access Points
  8. 8 OAD in General
  9. 9 OAD in Aruba Access Points
  10. 10 Extracting BLE firmware
  11. 11 Analyzing custom OAD
  12. 12 OTA OAD OMG
  13. 13 What would a BLEEDINGBIT attack look like? black hat
  14. 14 BLE Discovery
  15. 15 BLE link layer
  16. 16 TI CC2640 Architecture
  17. 17 CC2640 Memory Corruption
  18. 18 Lets try and crash it
  19. 19 Packet Length: Main Core vs Radio Core black hat
  20. 20 Case Study
  21. 21 What is being overwritten?
  22. 22 Where will the overflow data come from? black hat
  23. 23 Inter-core communication
  24. 24 Overflow mechanics
  25. 25 Spray
  26. 26 Exploit strategy
  27. 27 Size limitation
  28. 28 Tasks at hand
  29. 29 Making our first success last forever black hat
  30. 30 Restoring execution - Take 1
  31. 31 Restoring execution - Take 2
  32. 32 Installing a backdoor
  33. 33 Shellcode

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.