If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!
Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.
This talk demonstrates 3 remote code executions and the techniques used to find and exploit them.
It overviews Ruckus equipment and their attack surfaces. Explain the firmware analysis and emulation prosses using our dockerized QEMU full system framework.
-Demonstrate the first RCE and its specifics. Describe the webserver logic using Ghidra decompiler and its scripting environment.
-Demonstrate the second RCE using stack overflow vulnerability.
-Lastly, demonstrate the third RCE by using a vulnerability chaining technique.
All Tools used in this research will be published.