This course teaches common kernel exploitation techniques on modern Linux distributions (x86_x64 architecture and 3.x/4.x kernels). It provides up-to-date information on current kernel hardening implementations and exploit mitigations. It is designed for students already familiar with user-land exploitation who want to play with the heart of the OS and gain fundamental knowledge required to develop reliable and effective kernel exploits.
This course is an extension to the kernel exploitation techniques training. It is aimed at experienced Linux kernel researches already familiar with common kernel exploitation techniques. The focus is on more advanced kernel exploitation techniques based on real life vulnerabilities and the latest kernel exploitation mitigations on x86_64. Though practical examples are specific to x86_64, most of the concepts are generic and can be applied to other architectures.
This course starts by enumerating the Android kernel attack surface (from an LPE perspective) describing any sandboxing options that may limit this attack surface. Though the course is mostly self-contained and there's a brief refresher on arm64 architecture, attendees should be already familiar with this architecture / instruction set. The main focus is on common kernel vulnerability classes and exploitation techniques on Android.
Unlike the Linux kernel exploitation training, this course focuses on vulnerability discovery and root cause analysis rather than developing proof of concept code for specific kernel versions and bypassing various kernel exploitation mitigations. We will discuss a few publicly available kernel fuzzing frameworks and focus on practical approaches for kernel fuzzing.
This course is designed for novice security researchers interested in learning binary exploitation on 64-bit ARM. It assumes no previous background in binary exploitation or fuzzing. The material covered serves as a solid foundation for further vulnerability research on mobile and IoT devices. Similar to our other courses, this training is largely self-contained but assumes minimal entry requirements.