"Fuzzing is a software testing technique that consists of finding implementation bugs. Fuzzing Wi-Fi drivers is becoming more and more attractive, as any exploitable security bug will enable the attacker to run arbitrary code with ring0 privileges (within the victim's radio coverage).
This presentation will describe all the processes involved in the design from scratch of a fully-featured Wi-Fi fuzzer. It will pinpoint all issues and constraints when fuzzing 802.11 stacks (scanning, bugs identification, replaying bugs, analyzing kernel crashes...).
Then some features will be focused on, in order to understand which kind of implementation bugs may be discovered and which vulnerabilities we discovered thanks to this tool (CVE-2006-6059, CVE-2006-6125).
Finally, a real-world example will be fully explained: how we found the first (publicly known) madwifi stack-based overflow thanks to our Wi-Fi fuzzer (CVE-2006-6332)."