Finding New Bluetooth Low Energy Exploits via Reverse Engineering Multiple Vendors' Firmwares
- 1 Intro
- 2 Learning mode
- 3 BLE stack in dual chip configuration Host
- 4 BLE stack in single chip configuration Controller
- 5 New BLE low layer vulnerabilities!
- 6 Lab setup: targets
- 7 Lab setup: for basic HW debug 1
- 8 Lab setup: for fuzzer and convenience
- 9 Lab setup: sniffers
- 10 Lab setup: packet sending HW
- 11 Lab setup: JackBNimBLE, packet sending SW
- 12 Target #1: Texas Instruments WL1835 MOD
- 13 Static analysis
- 14 Dynamic analysis
- 15 Remote code execution bugs
- 16 Stack buffer overflow 1 CVE-2019-15948
- 17 Attack packet example 1
- 18 "Quiet Place" attack
- 19 Stack buffer overflow 2 CVE-2019-15948
- 20 Attack packet example 2
- 21 Target #2
- 22 Fuzzing extended advertisements
- 23 Difference from the target #1's RCE bug
- 24 RCE: heap buffer overflow CVE-2020-15531
- 25 Impact assessment