Since our talks at Black Hat Vegas and DEFCON, Jon Ellch and I have been peppered with questions regarding how to find vulnerabilities in wireless device drivers and the specific techniques that were employed. Rather than answer these questions one at a time, an article seemed a better course of action. In this first article, we will discuss how to build an auditing environment, how to construct fuzzing tools and, finally, how to interpret the results.
Although our previous talks have focused primarily on 802.11-based protocols, these same auditing methods can be applied to almost any type of device, including Bluetooth and infrared, with successful results. This article is designed as a beginner's guide to fuzzing wireless device drivers. To get the most out of it you should already be familiar with exploit development and debugging, as the article does not cover either of those topics in depth.