TYPHOONCON 2020 TRAINER

Vitaly Nikolenko

Android Kernel Security Training

Vitaly Nikolenko | Security researcher at DUASYNT 
Training Location: Courtyard by Marriott Seoul Namdaemun, Seoul, Korea
Training Title: Linux Kernel Exploitation Techniques 
Date: June 15th, 2020

BIO

Vitaly Nikolenko is a security researcher at DUASYNT specialising in reverse engineering and exploit development. He has a solid academic background in programming languages, code analysis and algorithms. His current areas of research are operating system security (kernel space exploitation techniques and countermeasures) and software hypervisors.

LECTURE DETAILS

Kernel exploitation on Android devices still presents a relatively new unexplored research area due to its diverse range of hardware options and hardware/software exploitation mitigations implemented by vendors or the Linux kernel itself. Similar to other operating systems, Android provides several common user-space exploitation mitigations and attacking the kernel is an appealing option to obtain full access on the device bypassing any user-space exploitation mitigations.

The main focus is on common kernel vulnerability classes and exploitation techniques on Android 9 (Google Pixel 2/3 and Samsung S9/S10 devices). The training is hands-on and assumes some familiarity with Linux kernel exploit development. The course will also provide some introduction to fuzzing and crash analysis on Android devices.

Prerequisites:
– Familiarity with arm64 architecture
– Fundamental knowledge of common classes of vulnerabilities (e.g., stack and heap overflows, integer type conversion vulnerabilities and overflows, etc.) and user-space exploitation techniques
– Some experience in Linux kernel exploitation / knowledge of common Linux kernel vulnerability classes (consider taking Linux kernel exploitation techniques (x86_64) first)
– C and assembly programming knowledge
– Familiarity with GDB (GNU Debugger)

Who should attend:
– Reverse engineers, bug hunters and exploit developers
– Information security professionals experienced in user-land exploitation

Hardware and software:
– Base OS – Windows, macOS, Linux
– Virtualisation software that allows you to import VMs in a standard OVA/OVF format and passthrough USB devices
– At least 40GB of free disk space
– At least 8 GB of RAM

** HiKey 960 boards will be provided