Overview
Syllabus
Introduction
What is a remote exploit
Google Project Zero
Mitigations
Baseband and WiFi
Baseband fragmentation
Market leader
Bonus
Research
Reversed Firmware
Source Leak
First Quiz
WiFi Association Process
Arrow Dump
Identifying Access Points
No Authentication
Attack Surface
Reverse Engineering
IAI Powers Function
Mapping xrefs
What is Wireless Media Extensions
Finding the bug
Checking the buffer size
Samsung S7 vulnerability
Mac vulnerability
Second Law of Remotes
What we want
What is PS
PS struct
Write primitive
Write to function table
Write to ring buffer
Egg hunting
Layout of exploit buffer
Third Law of Remotes
Worms and Stuxnet
How it works
Demo
Taught by
Black Hat