TyphoonCon 2020 Training

LECTURE DETAILS

Kernel exploitation on Android devices still presents a relatively new unexplored research area due to its diverse range of hardware options and hardware/software exploitation mitigations implemented by vendors or the Linux kernel itself. Similar to other operating systems, Android provides several common user-space exploitation mitigations and attacking the kernel is an appealing option to obtain full access on the device bypassing any user-space exploitation mitigations.

The main focus is on common kernel vulnerability classes and exploitation techniques on Android 9 (Google Pixel 2/3 and Samsung S9/S10 devices). The training is hands-on and assumes some familiarity with Linux kernel exploit development. The course will also provide some introduction to fuzzing and crash analysis on Android devices.

Prerequisites:
– Familiarity with arm64 architecture
– Fundamental knowledge of common classes of vulnerabilities (e.g., stack and heap overflows, integer type conversion vulnerabilities and overflows, etc.) and user-space exploitation techniques
– Some experience in Linux kernel exploitation / knowledge of common Linux kernel vulnerability classes (consider taking Linux kernel exploitation techniques (x86_64) first)
– C and assembly programming knowledge
– Familiarity with GDB (GNU Debugger)

Who should attend:
– Reverse engineers, bug hunters and exploit developers
– Information security professionals experienced in user-land exploitation

Hardware and software:
– Base OS – Windows, macOS, Linux
– Virtualisation software that allows you to import VMs in a standard OVA/OVF format and passthrough USB devices
– At least 40GB of free disk space
– At least 8 GB of RAM

** HiKey 960 boards will be provided