The number of user-land exploitation countermeasures outweighs the kernel protection mechanisms implemented by most modern distributions. Due to the complexity associated with exploiting user-land vulnerabilities, the Linux kernel, with its huge publicly available codebase, has become an appealing target for exploit developers. A successful exploitation of a kernel vulnerability generally results in privilege escalation, bypassing any user-land protections and exploit mitigations implemented by the OS.

This course teaches common kernel exploitation techniques on modern Linux distributions (x86_64 architecture and 3.x/4.x kernels). It provides up-to-date information on current kernel hardening implementations and exploit mitigations. It is designed for students already familiar with user-land exploitation who want to play with the heart of the OS and gain the fundamental knowledge required to develop reliable and effective kernel exploits. The course is structured as several theory modules (providing the necessary background material), followed by hands-on lab exercises demonstrating the learned concepts in practice.

Even though this course is designed for beginners in kernel exploitation, a number of more advanced topics, such as reliable exploitation of heap vulnerabilities and SMEP/SMAP/KPTI bypasses, are discussed. The last day covers the more advanced material related to heap vulnerabilities and race conditions in the kernel. This course primarily concentrates on the exploitation phase, though some guidelines for vulnerability analysis will be discussed as well. The goal of this training is to demonstrate general exploitation concepts that can be applied to common classes of kernel memory corruption vulnerabilities.

The four-day version of this course is more advanced and focuses on bypasses for current kernel exploitation mitigations (software and hardware), with more advanced topics such as exploitation in interrupt context.

This course is largely self-contained, but please ensure you meet the entry requirements detailed below.
-------------------------
KEY LEARNING OBJECTIVES:
* Privilege escalation techniques
* Exploitation of integer vulnerabilities
* Exploitation of kernel heap and stack vulnerabilities
* Reliable exploitation of use-after-free (UAF) vulnerabilities on SMP systems
* SMEP/SMAP/KPTI bypasses

COURSE AGENDA:
* Introduction to Linux kernel exploits
* Kernel debugging
* GDB scripting engine and developing helper scripts
* Dynamic debugging with kprobes / jprobes
* Privilege escalation techniques
* Read/write (controlled, partially-controlled and uncontrolled) primitives and ret2usr attacks
* IDT (Interrupt Descriptor Table) overwrites
* Fixating the system and recovering the kernel state
* Information leaks (environment and code-based)
* Out-of-bounds (OOB) access vulnerabilities
* Integer vulnerabilities (signedness, typecasting, overflows)
* Kernel stack overflows
* Dynamic memory management / SLAB allocator
* Heap vulnerabilities (heap overflows, UAF, off-by-X)
* Reliable UAF exploitation on SMP systems
* Supervisor Mode Execution Protection / Supervisor Mode Access Protection / Kernel Page Table Isolation bypasses
* Current UAF exploitation countermeasures and bypasses
* Kernel race conditions
* Universal heap sprays
* Latest kernel exploitation mitigations
For a list of software/hardware requirements refer to https://duasynt.com/training-intro-kernel-exploit-dev

The training session will start at 9am and finish at 5pm. For any questions please email info [at] duasynt.com
Last update: 25/10/2019