Stagefright - Scary Code in the Heart of Android

Stagefright - Scary Code in the Heart of Android

Black Hat via YouTube Direct link

Androld Architecture

8 of 36

8 of 36

Androld Architecture

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Stagefright - Scary Code in the Heart of Android

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 About Joshua J. Drake akajduck
  3. 3 Motivations
  4. 4 Sponsors
  5. 5 What is Stagefright?
  6. 6 Why Stagefright?
  7. 7 Related Work
  8. 8 Androld Architecture
  9. 9 Process Architecture
  10. 10 Process Privileges (Nexus 5)
  11. 11 Privilege Survey Results II
  12. 12 Architecture Recap
  13. 13 Locating the Attack Surface
  14. 14 What do you find?
  15. 15 Vector Enumeration Methodology
  16. 16 Modularity Complicates Matters
  17. 17 Enter the Media Scanner
  18. 18 Tons of Attack Vectors!
  19. 19 The Scariest Part - MMS
  20. 20 Where does this work?
  21. 21 Triggers Virally
  22. 22 Discovery Methodology
  23. 23 First Round Specifics
  24. 24 First Round Results
  25. 25 Enter American Fuzzy Lop
  26. 26 Second Round Results
  27. 27 Bug Summary
  28. 28 Details for a FAIL
  29. 29 Embarrassing, but Educational
  30. 30 Exploitability Analysis
  31. 31 mediaserver Recap
  32. 32 New in Android 5.0
  33. 33 Mitigation Summary
  34. 34 Address Space Layout Randomization
  35. 35 Disclosure process review
  36. 36 Update Deployment

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.