BLEEDINGBIT - Your APs Belong to Us

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Cybersecurity Courses, Wireless Security Courses, Network Engineering Courses, Exploit Development Courses, Attack Surface Analysis Courses, Firmware Analysis Courses, Memory Corruption Courses

Course Description

Overview

Explore BLEEDINGBIT, two zero-day vulnerabilities in Texas Instruments' BLE chips used in popular wireless access points, which allow an unauthenticated attacker to penetrate an enterprise network over the air. Delve into Bluetooth Low Energy attack surfaces, over-the-air (OTA) update solutions, and BLE in Aruba Access Points. Examine the OAD (over-the-air download) implementation, firmware extraction, and analysis of the custom OAD protocol. Discover BLE link layer intricacies, the TI CC2640 architecture, and memory corruption techniques. Investigate inter-core communication, overflow mechanics, and exploit strategies. Learn how the researchers overcame size limitations, restored execution, and installed a backdoor. Gain insights into shellcode development for network infiltration in this comprehensive Black Hat conference presentation.

Syllabus

Intro
Agenda
Why Bluetooth Low Energy?
Why do APs support BLE?
BLE Attack surface
OTA solutions over BLE
BLE in Aruba Access Points
OAD in General
OAD in Aruba Access Points
Extracting BLE firmware
Analyzing custom OAD
OTA OAD OMG
What would a BLEEDINGBIT attack look like?
BLE Discovery
BLE link layer
TI CC2640 Architecture
CC2640 Memory Corruption
Let's try to crash it
Packet Length: Main Core vs Radio Core
Case Study
What is being overwritten?
Where will the overflow data come from?
Inter-core communication
Overflow mechanics
Spray
Exploit strategy
Size limitation
Tasks at hand
Making our first success last forever
Restoring execution - Take 1
Restoring execution - Take 2
Installing a backdoor
Shellcode
Taught by

Black Hat
