18 January, 2019

Remotely compromise devices by using bugs in Marvell Avastar Wi-Fi: from zero knowledge to zero-click RCE

Remotely compromise devices by using bugs in Marvell Avastar Wi-Fi: from zero knowledge to zero-click RCE Introduction and motivation How wireless device works and starts up Interaction between Wi-Fi SoC and driver Firmware analysis Static firmware file analysis Dynamic firmware analysis. ThreadX runtime structures recovery Dynamic firmware analysis. Dynamic firmware instrumentation Hunting for bugs Fuzzing
12 December, 2018

NUClear explotion

Introduction It is widely known, that UEFI BIOS security aims at preventing the SPI flash memory tampering in the first place. Who cares about arbitrary code execution in the context of System Management Mode (SMM), if one cannot just simply write to the SPI flash memory, where UEFI BIOS code is stored. Persistence cannot be
10 July, 2018

Dangerous Reality Inside of VR headset: HTC Vive

Introduction The subject of VR has become a modern trend bringing the neon visions of the masters of cyberpunk stories and novels closer to reality. So, it comes as no surprise that it has been lost only on very few. With years, VR headsets grew far more affordable than they had been at the start
1 May, 2018

Who’s Watching the Watchers (Vol. II): Norton Core Secure WiFi Router

Recently, the articles on hacking IoT devices and their poor security are whirling over the media. In conjunction with that, Trustwave has published its report. There, it is stated that the number of those enterprises that use IoT devices is growing, and, consequently, so does the likelihood of stumbling across security issues a device may
24 April, 2018

First glance on OS VRP by Huawei

Up to now, a lot of research articles about Cisco and Juniper hardware and software has been published, but there is almost nothing on Huawei. In 2012, Felix ‘FX’ Lindner presented his research “Hacking Huawei VRP,” where he described internals of command subsystem and memory management of Versatile Routing Platform – Huawei’s own network operating
29 March, 2018

Cisco Smart Install Remote Code Execution

Introduction Application: Cisco IOS, Cisco IOS-XE Vendor: Cisco Bugs: Stack-based buffer overflow [CWE-20], [CWE-121] Risk: Critical; AV:N/AC:L/Au:N/C:C/I:C/A:C (10.0) A stack-based buffer overflow vulnerability was found in Smart Install Client code. This vulnerability enables an attacker to remotely execute arbitrary code without authentication. So it allows getting full control over a vulnerable network equipment. Smart Install