Completed
No Authentication
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Broadpwn - Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets
Automatically move to the next video in the Classroom when playback concludes
- 1 Introduction
- 2 What is a remote exploit
- 3 Google Project Zero
- 4 Mitigations
- 5 Baseband and WiFi
- 6 Baseband fragmentation
- 7 Market leader
- 8 Bonus
- 9 Research
- 10 Reversed Firmware
- 11 Source Leak
- 12 First Quiz
- 13 WiFi Association Process
- 14 Arrow Dump
- 15 Identifying Access Points
- 16 No Authentication
- 17 Attack Surface
- 18 Reverse Engineering
- 19 IAI Powers Function
- 20 Mapping xrefs
- 21 What is Wireless Media Extensions
- 22 Finding the bug
- 23 Checking the buffer size
- 24 Samsung S7 vulnerability
- 25 Mac vulnerability
- 26 Second Law of Remotes
- 27 What we want
- 28 What is PS
- 29 PS struct
- 30 Write primitive
- 31 Write to function table
- 32 Write to ring buffer
- 33 Egg hunting
- 34 Layout of exploit buffer
- 35 Third law of remotes
- 36 Worms and Stuxnet
- 37 How it works
- 38 Demo