A Guide to Kernel Exploitation

Attacking the Core

A Guide to Kernel Exploitation: Attacking the Core discusses the theoretical techniques and approaches needed to develop reliable and effective kernel-level exploits, and applies them to different operating systems, namely, UNIX derivatives, Mac OS X, and Windows. Concepts and tactics are presented categorically so that even when a specifically detailed vulnerability has been patched, the foundational information provided will help hackers in writing a newer, better attack; or help pen testers, auditors, and the like develop a more concrete design and defensive structure. The book is organized into four parts. Part I introduces the kernel and sets out the theoretical basis on which to build the rest of the book. Part II focuses on different operating systems and describes exploits for them that target various bug classes. Part III on remote kernel exploitation analyzes the effects of the remote scenario and presents new techniques to target remote issues. It includes a step-by-step analysis of the development of a reliable, one-shot, remote exploit for a real vulnerability, a bug affecting the SCTP subsystem found in the Linux kernel. Finally, Part IV wraps up the analysis on kernel exploitation and looks at what the future may hold.

Audience
Intermediate to advanced pen testers, hackers and OS system designers and developers

Paperback, 464 Pages

Published: September 2010

Imprint: Syngress

ISBN: 978-1-59749-486-1

Reviews

  • "A very interesting book that not only exposes readers to kernel exploitation techniques, but also deeply motivates the study of operating systems internals, moving such study far beyond simple curiosity."--Golden G. Richard III, Ph.D., Professor of Computer Science, University of New Orleans and CTO, Digital Forensics Solutions, LLC


Contents


  • Foreword

    Preface

    Acknowledgments

    About the Authors

    About the Technical Editor

    Part I A Journey to Kernel Land

    Chapter 1 From User-Land to Kernel-Land Attacks

    Introduction

    Introducing the Kernel and the World of Kernel Exploitation

    Why Doesn’t My User-Land Exploit Work Anymore?

    An Exploit Writer’s View of the Kernel

    Open Source versus Closed Source Operating Systems

    Summary

    Related Reading

    Endnote

    Chapter 2 A Taxonomy of Kernel Vulnerabilities

    Introduction

    Uninitialized/Nonvalidated/Corrupted Pointer Dereference

    Memory Corruption Vulnerabilities

    Integer Issues

    Race Conditions

    Logic Bugs (a.k.a. the Bug Grab Bag)

    Summary

    Endnotes

    Chapter 3 Stairway to Successful Kernel Exploitation

    Introduction

    A Look at the Architecture Level

    The Execution Step

    The Triggering Step

    The Information-Gathering Step

    Summary

    Related Reading

    Part II The UNIX Family, Mac OS X, and Windows

    Chapter 4 The UNIX Family

    Introduction

    The Members of the UNIX Family

    The Execution Step

    Practical UNIX Exploitation

    Summary

    Endnotes

    Chapter 5 Mac OS X

    Introduction

    An Overview of XNU

    Kernel Debugging

    Kernel Extensions (Kext)

    The Execution Step

    Exploitation Notes

    Summary

    Endnotes

    Chapter 6 Windows

    Introduction

    Windows Kernel Overview

    The Execution Step

    Practical Windows Exploitation

    Summary

    Endnotes

    Part III Remote Kernel Exploitation

    Chapter 7 Facing the Challenges of Remote Kernel Exploitation

    Introduction

    Attacking Remote Vulnerabilities

    Executing the First Instruction

    Remote Payloads

    Summary

    Endnote

    Chapter 8 Putting It All Together: A Linux Case Study

    Introduction

    SCTP FWD Chunk Heap Memory Corruption

    Remote Exploitation: An Overall Analysis

    Getting the Arbitrary Memory Overwrite Primitive

    Installing the Shellcode

    Executing the Shellcode

    Summary

    Related Reading

    Endnote

    Part IV Final Words

    Chapter 9 Kernel Evolution: Future Forms of Attack and Defense

    Introduction

    Kernel Attacks

    Kernel Defense

    Beyond Kernel Bugs: Virtualization

    Summary

    Index





