Don't Ruck Us Too Hard - Owning All of Ruckus AP devices | Gal Zror | NULLCON Goa 2020 скачать в хорошем качестве

Don't Ruck Us Too Hard - Owning All of Ruckus AP devices | Gal Zror | NULLCON Goa 2020

Presentation from the talk: https://bit.ly/GalZrorPresentation Abstract: Ruckus Networks is a company selling wired and wireless networking equipment and software. This talk presents vulnerability research conducted on Ruckus access points and wi-fi controllers, which resulted in 3 different pre-authentication remote code execution. Exploitation used various vulnerabilities such as information leak, authentication bypass, command injection, path traversal, stack overflow, and arbitrary file read/write. Ruckus has confirmed all 10 CVEs we field for this research (CVE-2019-19834 - 19843). Throughout the research, 33 different access points firmware and wi-fi controllers examined; all of them were found vulnerable. This talk also introduces and shares the framework used in this research. That includes a Ghidra script and a dockerized QEMU full system emulation for easy cross-architecture research setup. About Speaker: Gal Zror is a research team leader in the Aleph Research group at HCL AppScan, which based in Herzliya Israel. Gal has extensive experience with vulnerability research and specialized in embedded systems and protocols. Gal is also an amateur boxer and a tiki culture enthusiastic. ----------------------------------------------------- #Nullcon2020 #Ruckus #Security ----------------------------------------------------- Follow nullcon on Facebook:   / nullcon   Twitter:   / nullcon   LinkedIn:   / nullcon-information-security-conference   Website: https://nullcon.net