Completed
Tasks at hand
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
BLEEDINGBIT - Your APs Belong to Us
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 Agenda
- 3 Why Bluetooth Low Energy?
- 4 Why do APs support BLE?
- 5 BLE Attack surface
- 6 OTA solutions over BLE
- 7 BLE in Aruba Access Points
- 8 OAD in General
- 9 OAD in Aruba Access Points
- 10 Extracting BLE firmware
- 11 Analyzing custom OAD
- 12 OTA OAD OMG
- 13 What would a BLEEDINGBIT attack look like? black hat
- 14 BLE Discovery
- 15 BLE link layer
- 16 TI CC2640 Architecture
- 17 CC2640 Memory Corruption
- 18 Lets try and crash it
- 19 Packet Length: Main Core vs Radio Core black hat
- 20 Case Study
- 21 What is being overwritten?
- 22 Where will the overflow data come from? black hat
- 23 Inter-core communication
- 24 Overflow mechanics
- 25 Spray
- 26 Exploit strategy
- 27 Size limitation
- 28 Tasks at hand
- 29 Making our first success last forever black hat
- 30 Restoring execution - Take 1
- 31 Restoring execution - Take 2
- 32 Installing a backdoor
- 33 Shellcode