18 January, 2019

Remotely compromise devices by using bugs in Marvell Avastar Wi-Fi: from zero knowledge to zero-click RCE

Introduction and motivation; How wireless device works and starts up; Interaction between Wi-Fi SoC and driver; Firmware analysis; Static firmware file analysis; Dynamic firmware analysis. ThreadX runtime structures recovery; Dynamic firmware analysis. Dynamic firmware instrumentation; Hunting for bugs; Fuzzing
12 December, 2018

NUClear explotion

Introduction. It is widely known that UEFI BIOS security aims first and foremost at preventing tampering with the SPI flash memory. Who cares about arbitrary code execution in the context of System Management Mode (SMM) if one cannot simply write to the SPI flash memory, where UEFI BIOS code is stored? Persistence cannot be
10 July, 2018

Dangerous Reality Inside of VR headset: HTC Vive

Introduction. The subject of VR has become a modern trend, bringing the neon visions of the masters of cyberpunk stories and novels closer to reality. So it comes as no surprise that it has been lost only on very few. Over the years, VR headsets grew far more affordable than they had been at the start
30 May, 2018

Life path embedded bugs from 0- to 1-days

“As Gregor Samsa awoke one morning from uneasy dreams he found himself transformed in his bed into a gigantic insect.” Franz Kafka, The Metamorphosis. The IoT world enjoys tremendous growth with new devices being released to the market every day. Unfortunately, cybercriminals forge ahead as well since the number of attacks on IoT devices is
1 May, 2018

Who’s Watching the Watchers (Vol. II): Norton Core Secure WiFi Router

Recently, articles on hacking IoT devices and their poor security have been circulating in the media. In conjunction with that, Trustwave has published its report. It states that the number of enterprises that use IoT devices is growing and, consequently, so is the likelihood of stumbling across security issues a device may
24 April, 2018

First glance on OS VRP by Huawei

Up to now, a lot of research articles about Cisco and Juniper hardware and software have been published, but there is almost nothing on Huawei. In 2012, Felix ‘FX’ Lindner presented his research “Hacking Huawei VRP,” where he described the internals of the command subsystem and memory management of the Versatile Routing Platform – Huawei’s own network operating