TyphoonCon
  • About
    • About Us
    • Venue
    • Sponsors
    • Press
    • Code Of Conduct
    • Contact
    • COVID-19 Regulations
    • Past events
      • TyphoonCon 2022
      • TyphoonCon Capture The Flag 2021
      • TyphoonCon 2020
      • TyphoonPWN 2020
      • TyphoonCon 2019
  • Conference
    • 2023 Speakers
    • 2023 Conference Agenda
  • Training
    • Introduction to hard target internals
    • Attacking the Linux Kernel
    • Mastering Fuzzing
  • Competitions
    • TyphoonPWN
    • TyphoonCon CTF 2023
BUY TICKETS
  • About
    • About Us
    • Venue
    • Sponsors
    • Press
    • Code Of Conduct
    • Contact
    • COVID-19 Regulations
    • Past events
      • TyphoonCon 2022
      • TyphoonCon Capture The Flag 2021
        • TyphoonCon Capture The Flag 2021 Write Ups
      • TyphoonCon 2020
      • TyphoonPWN 2020
      • TyphoonCon 2019
  • Conference
    • 2023 Speakers
    • 2023 Conference Agenda
  • Training
    • Introduction to hard target internals
    • Attacking the Linux Kernel
    • Mastering Fuzzing
  • Competitions
    • TyphoonPWN
    • TyphoonCon CTF 2023
Menu
  • About
    • About Us
    • Venue
    • Sponsors
    • Press
    • Code Of Conduct
    • Contact
    • COVID-19 Regulations
    • Past events
      • TyphoonCon 2022
      • TyphoonCon Capture The Flag 2021
        • TyphoonCon Capture The Flag 2021 Write Ups
      • TyphoonCon 2020
      • TyphoonPWN 2020
      • TyphoonCon 2019
  • Conference
    • 2023 Speakers
    • 2023 Conference Agenda
  • Training
    • Introduction to hard target internals
    • Attacking the Linux Kernel
    • Mastering Fuzzing
  • Competitions
    • TyphoonPWN
    • TyphoonCon CTF 2023
BUY TICKETS
BUY TICKETS
  • About
    • About Us
    • Venue
    • Sponsors
    • Press
    • Code Of Conduct
    • Contact
    • COVID-19 Regulations
    • Past events
      • TyphoonCon 2022
      • TyphoonCon Capture The Flag 2021
        • TyphoonCon Capture The Flag 2021 Write Ups
      • TyphoonCon 2020
      • TyphoonPWN 2020
      • TyphoonCon 2019
  • Conference
    • 2023 Speakers
    • 2023 Conference Agenda
  • Training
    • Introduction to hard target internals
    • Attacking the Linux Kernel
    • Mastering Fuzzing
  • Competitions
    • TyphoonPWN
    • TyphoonCon CTF 2023
Menu
  • About
    • About Us
    • Venue
    • Sponsors
    • Press
    • Code Of Conduct
    • Contact
    • COVID-19 Regulations
    • Past events
      • TyphoonCon 2022
      • TyphoonCon Capture The Flag 2021
        • TyphoonCon Capture The Flag 2021 Write Ups
      • TyphoonCon 2020
      • TyphoonPWN 2020
      • TyphoonCon 2019
  • Conference
    • 2023 Speakers
    • 2023 Conference Agenda
  • Training
    • Introduction to hard target internals
    • Attacking the Linux Kernel
    • Mastering Fuzzing
  • Competitions
    • TyphoonPWN
    • TyphoonCon CTF 2023
Back to Agenda

Attacking the Linux Kernel

Training overview:

This training guides researchers through the field of Linux kernel security. In a series of exercise-driven labs, the training explores the process of finding, assessing, and exploiting kernel bugs in a modern Linux distribution on the x86-64 architecture. Besides providing a foundation for writing Linux kernel exploits, the training covers the no-less important areas of finding kernel bugs and evaluating their security impact. This includes chapters on using dynamic bug-finding tools, writing custom fuzzers, and analyzing crashes.

Training agenda:


Day 1 — Internals, Sanitizers, and fuzzing:

● Internals and debugging: x86-64 architecture refresher; introduction to the Linux kernel; attack surface; types of vulnerabilities; setting up a kernel debugging environment; using GDB to debug the kernel and its modules.
● Detecting bugs: using KASAN to detect and analyze memory corruptions; KASAN internals; reading kernel bug reports; assessing impact of kernel bugs.
● General fuzzing: writing and evaluating kernel-specific fuzzing harnesses; Human-in-the-Loop fuzzing; collecting coverage with KCOV.


Day 2 — Fuzzing with syzkaller and escalating privileges:

● Fuzzing with syzkaller: API-aware fuzzing; coverage-guided fuzzing; using syzkaller; writing syscall descriptions.
● Escalating privileges: ret2usr; overwriting the cred structure; overwriting modprobe_path; kernel stack buffer overflows; arbitrary address execution and arbitrary
read/write primitives.

Day 3 — Bypassing mitigations and exploiting slab corruptions:

● Bypassing mitigations: KASLR, SMEP, SMAP, and KPTI bypass techniques; in-kernel Return-Oriented Programming (ROP); out-of-bounds vulnerabilities; information leaks.
● Exploiting basic slab corruptions: slab out-of-bounds and use-after-free vulnerabilities; slab-specific mitigations; slab spraying; data-only exploitation; the unlinking attack.
● Beyond: learning advanced exploitation techniques; useful references.


Student requirements:


● Working C knowledge.
● Familiarity with x86-64 architecture and x86-64 assembly.
● Familiarity with GDB (GNU Debugger).
● Familiarity with common types of vulnerabilities and exploitation techniques for userspace applications.
No knowledge about Linux kernel internals is required.

Hardware/Software requirements


● At least 100 GB of free disk space.
● At least 12 GB of RAM.
● Ability to plug in an untrusted USB drive (relevant for corporate laptops).
● Host OS: Linux (recommended) or Windows.
● VMWare Workstation Player.
● 7-Zip.

Share on

you might be interested in

Explore all talks
Keynote Speaker

How to build Skynet – a system that hacks systems

Professor Insu Yun
|
Assistant Professor at KAIST
Keynote Speaker

Exploring Offensive Security in Korea

Yongil Lee
|
CISO at Peoplefund

When Athletic Abilities Just Aren’t Enough – Scoreboard Hacking

Maxwell Dulin
|
Senior security consultant at Security Innovation
Explore all talks

Take part in The Best
All Offensive Security
Conference in Asia

Get your TyphoonCon tickets today!

buy tickets

for more information

Email Info@typhooncon.com

Follow us

  • Facebook
  • Twitter
  • Linkedin
  • Facebook
  • Twitter
  • Linkedin
  • Email