Broadpwn - Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets

Black Hat via YouTube

Classroom Contents

  1. Introduction
  2. What is a remote exploit
  3. Google Project Zero
  4. Mitigations
  5. Baseband and WiFi
  6. Baseband fragmentation
  7. Market leader
  8. Bonus
  9. Research
  10. Reversed Firmware
  11. Source Leak
  12. First Quiz
  13. WiFi Association Process
  14. Arrow Dump
  15. Identifying Access Points
  16. No Authentication
  17. Attack Surface
  18. Reverse Engineering
  19. IAI Powers Function
  20. Mapping xrefs
  21. What is Wireless Media Extensions
  22. Finding the bug
  23. Checking the buffer size
  24. Samsung S7 vulnerability
  25. Mac vulnerability
  26. Second Law of Remotes
  27. What we want
  28. What is PS
  29. PS struct
  30. Write primitive
  31. Write to function table
  32. Write to ring buffer
  33. Egg hunting
  34. Layout of exploit buffer
  35. Third law of remotes
  36. Worms and Stuxnet
  37. How it works
  38. Demo
