This course is an extension to the kernel exploitation techniques training. It is aimed at experienced Linux kernel researchers already familiar with common kernel exploitation techniques. The focus is on more advanced kernel exploitation techniques based on real-life vulnerabilities and the latest kernel exploitation mitigations on x86_64. Though practical examples are specific to x86_64, most of the concepts are generic and can be applied to other architectures.
The training material covers the latest exploitation mitigations and kernel hardening implementation details. Kernel exploitation mitigations starting from 4.9 up to mainline will be the main focus of this training. The emphasis is on heap-related vulnerabilities and manipulation of exploit primitives to bypass Supervisor Mode Access Protection (SMAP). Virtual memory management and the SLUB implementation will be discussed in detail to help understand certain corner cases and mitigations associated with exploitation of heap-related vulnerabilities. We mostly focus on data-only attacks to obtain arbitrary kernel read/write and bypass all existing exploitation mitigations.
This hands-on training is structured similarly to the Linux kernel exploitation techniques course, where theory material is followed by a practical lab demonstrating the concept in action. Please note there will be no introductory material on kernel debugging, architecture design, etc. We strongly advise taking the kernel exploitation training first unless you are already familiar with common kernel vulnerability classes / exploitation techniques.
There are generally two public training sessions per year (first half of the year) in Europe or Asia. You can sign up below to receive public training schedule notifications.
For a private training, contact us directly.