YoVDO

Exploiting Android Messengers with WebRTC

Offered By: nullcon via YouTube

Tags

nullcon Courses WebRTC Courses Exploit Development Courses Mobile Application Security Courses Vulnerability Research Courses Frida Courses

Course Description

Overview

Explore the security implications of WebRTC vulnerabilities in Android messaging applications through this informative conference talk from Nullcon Webinar 2021. Dive into the process of identifying and exploiting WebRTC vulnerabilities across various mobile apps. Learn about the WebRTC architecture, terminology, and common security issues. Discover techniques for revealing memory, breaking ASLR on Android, and implementing exploits using Frida. Gain insights into methods for reducing the impact of WebRTC bugs and enhancing the security of mobile platforms. Benefit from the expertise of Natalie Silvanovich, a Google Project Zero security researcher, as she shares her findings and recommendations for improving mobile application security.

Syllabus

Intro
What is WebRTC?
WebRTC Terminology
WebRTC Architecture
WebRTC Vulnerabilities
Questions
RTP Bugs
CVE-2020-6514
Is a heap pointer sufficient to break ASLR on Android?
Revealing Memory with Bug 376
Setting IP (again)
Complete Exploit Steps
Investigating Android Applications
Implementing the Exploit in Frida
Methods to hook
Hooking Methods
Testing the exploit
Exploit results
Reducing the impact of WebRTC bugs
Conclusions


Taught by

nullcon

Related Courses

Ethical Hacking in 15 Hours - 2023 Edition - Learn to Hack
Cyber Mentor via YouTube
Contextomy - Let's Debug Together
nullcon via YouTube
macOS Security Features Bypasses by Example
nullcon via YouTube
XNU Heap Exploitation - From Kernel Bug to Kernel Control
nullcon via YouTube
Don't Ruck Us Too Hard - Owning All of Ruckus AP Devices
nullcon via YouTube