Advanced Linux Kernel Exploitation Techniques
Skill level: Advanced
Duration: 3 days
Instructors: Vitaly Nikolenko and Filippo Morano

Course description:

This course is an extension of the kernel exploitation techniques training. It is aimed at experienced Linux kernel researchers who are already familiar with common kernel exploitation techniques. The focus is on more advanced kernel exploitation techniques based on real-life vulnerabilities and the latest kernel exploitation mitigations on x86_64. Although the practical examples are specific to x86_64, most of the concepts are generic and can be applied to other architectures.

The training material covers the latest exploitation mitigations and kernel hardening implementation details. Kernel exploitation mitigations from kernel 4.9 up to mainline are the main focus of this training. The emphasis is on heap-related vulnerabilities and the manipulation of exploit primitives to bypass Supervisor Mode Access Protection (SMAP). Virtual memory management and the SLUB implementation are discussed in detail to help understand certain corner cases and mitigations associated with the exploitation of heap-related vulnerabilities. We mostly focus on data-only attacks to obtain arbitrary kernel read/write and bypass all existing exploitation mitigations.

This hands-on training is structured similarly to the Linux kernel exploitation techniques course, where theory material is followed by a practical lab demonstrating the concept in action. Please note that there will be no introductory material on kernel debugging, architecture design, etc. We strongly advise taking the kernel exploitation training first unless you are already familiar with common kernel vulnerability classes and exploitation techniques.

Prerequisites:
  • C / Python / x86 assembly knowledge
  • Experience in Linux kernel exploitation / knowledge of common Linux kernel vulnerability classes (consider taking Linux kernel exploitation techniques x86_64 first)
  • Familiarity with GDB (GNU Debugger)
Who should attend:
  • Linux kernel / Android security researchers
Hardware and software:
  • Base OS - Linux x86_64
  • QEMU w/ KVM
  • At least 40GB of free disk space
  • At least 8GB of RAM
Key learning objectives:
  • Advanced kernel exploitation scenarios
  • Latest kernel exploitation mitigations
  • Virtual memory management (page allocator / SLUB)
  • Exploitation primitive manipulations
Course agenda:
  • Kernel exploitation primitive transformations: upgrading weaker primitives
  • Hardened usercopy
  • SLUB debugging techniques
    • Compound pages
    • Per-cpu caches
    • Metadata storage
  • SLUB freelist pointer randomisation
  • Use-after-free
  • Heap overflows with freelist randomisation
  • Double frees
  • Double fetches
  • Race conditions
  • Heap manipulation techniques
    • Slab reallocations and collisions
  • Memory control groups
  • SMAP (Supervisor Mode Access Protection) bypasses
  • kASLR (Kernel Address Space Layout Randomisation)

Training Announcements

There are generally two public training sessions per year (in the first half of the year) in Europe or Asia. You can sign up below to receive public training schedule notifications.

For private training, contact us directly.