18 January, 2019

Remotely compromise devices by using bugs in Marvell Avastar Wi-Fi: from zero knowledge to zero-click RCE

Introduction and motivation
How wireless device works and starts up
Interaction between Wi-Fi SoC and driver
Firmware analysis
Static firmware file analysis
Dynamic firmware analysis. ThreadX runtime structures recovery
Dynamic firmware analysis. Dynamic firmware instrumentation
Hunting for bugs
Fuzzing