BUY TICKETS
BUY TICKETS
BUY TICKETS
Back to Agenda

Attacking the Linux Kernel

Training overview:

This training guides researchers through the field of Linux kernel security. In a series of exercise-driven labs, the training explores the process of finding, assessing, and exploiting kernel bugs in a modern Linux distribution on the x86-64 architecture. Besides providing a foundation for writing Linux kernel exploits, the training covers the no-less important areas of finding kernel bugs and evaluating their security impact. This includes chapters on using dynamic bug-finding tools, writing custom fuzzers, and analyzing crashes.

Training agenda:


Day 1 — Internals, Sanitizers, and fuzzing:

● Internals and debugging: x86-64 architecture refresher; introduction to the Linux kernel; attack surface; types of vulnerabilities; setting up a kernel debugging environment; using GDB to debug the kernel and its modules.
● Detecting bugs: using KASAN to detect and analyze memory corruptions; KASAN internals; reading kernel bug reports; assessing impact of kernel bugs.
● General fuzzing: writing and evaluating kernel-specific fuzzing harnesses; Human-in-the-Loop fuzzing; collecting coverage with KCOV.


Day 2 — Fuzzing with syzkaller and escalating privileges:

● Fuzzing with syzkaller: API-aware fuzzing; coverage-guided fuzzing; using syzkaller; writing syscall descriptions.
● Escalating privileges: ret2usr; overwriting the cred structure; overwriting modprobe_path; kernel stack buffer overflows; arbitrary address execution and arbitrary
read/write primitives.

Day 3 — Bypassing mitigations and exploiting slab corruptions:

● Bypassing mitigations: KASLR, SMEP, SMAP, and KPTI bypass techniques; in-kernel Return-Oriented Programming (ROP); out-of-bounds vulnerabilities; information leaks.
● Exploiting basic slab corruptions: slab out-of-bounds and use-after-free vulnerabilities; slab-specific mitigations; slab spraying; data-only exploitation; the unlinking attack.
● Beyond: learning advanced exploitation techniques; useful references.


Student requirements:


● Working C knowledge.
● Familiarity with x86-64 architecture and x86-64 assembly.
● Familiarity with GDB (GNU Debugger).
● Familiarity with common types of vulnerabilities and exploitation techniques for userspace applications.
No knowledge about Linux kernel internals is required.

Hardware/Software requirements


● At least 100 GB of free disk space.
● At least 12 GB of RAM.
● Ability to plug in an untrusted USB drive (relevant for corporate laptops).
● Host OS: Linux (recommended) or Windows.
● VMWare Workstation Player.
● 7-Zip.

Share on

you might be interested in

Explore all talks
Explore all talks

Take part in The Best
All Offensive Security
Conference in Asia

Get your TyphoonCon tickets today!

buy tickets

for more information

Email Info@typhooncon.com

Follow us