A Guide to Kernel Exploitation: Attacking the Core discusses the theoretical techniques and approaches needed to develop reliable and effective kernel-level exploits, and applies them to different operating systems, namely, UNIX derivatives, Mac OS X, and Windows. Concepts and tactics are presented categorically so that even when a specifically detailed vulnerability has been patched, the foundational information provided will help hackers in writing a newer, better attack; or help pen testers, auditors, and the like develop a more concrete design and defensive structure. The book is organized into four parts. Part I introduces the kernel and sets out the theoretical basis on which to build the rest of the book. Part II focuses on different operating systems and describes exploits for them that target various bug classes. Part III on remote kernel exploitation analyzes the effects of the remote scenario and presents new techniques to target remote issues. It includes a step-by-step analysis of the development of a reliable, one-shot, remote exploit for a real vulnerabilitya bug affecting the SCTP subsystem found in the Linux kernel. Finally, Part IV wraps up the analysis on kernel exploitation and looks at what the future may hold.
- Covers a range of operating system families — UNIX derivatives, Mac OS X, Windows
- Details common scenarios such as generic memory corruption (stack overflow, heap overflow, etc.) issues, logical bugs and race conditions
- Delivers the reader from user-land exploitation to the world of kernel-land (OS) exploits/attacks, with a particular focus on the steps that lead to the creation of successful techniques, in order to give to the reader something more than just a set of tricks
Intermediate to advanced pen testers, hackers and OS system designers and developers
Foreword Preface Acknowledgments About the Authors About the Technical Editor Part I A Journey to Kernel Land Chapter 1 From User-Land to Kernel-Land Attacks Introduction Introducing the Kernel and the World of Kernel Exploitation Why Doesn’t My User-Land Exploit Work Anymore? An Exploit Writer’s View of the Kernel Open Source versus Closed Source Operating Systems Summary Related Reading Endnote Chapter 2 A Taxonomy of Kernel Vulnerabilities Introduction Uninitialized/Nonvalidated/Corrupted Pointer Dereference Memory Corruption Vulnerabilities Integer Issues Race Conditions Logic Bugs (a.k.a. the Bug Grab Bag) Summary Endnotes Chapter 3 Stairway to Successful Kernel Exploitation Introduction A Look at the Architecture Level The Execution Step The Triggering Step The Information-Gathering Step Summary Related Reading Part II The UNIX Family, Mac OS X, and Windows Chapter 4 The UNIX Family Introduction The Members of the UNIX Family The Execution Step Practical UNIX Exploitation Summary Endnotes Chapter 5 Mac OS X Introduction An Overview of XNU Kernel Debugging Kernel Extensions (Kext) The Execution Step Exploitation Notes Summary Endnotes Chapter 6 Windows Introduction Windows Kernel Overview The Execution Step Practical Windows Exploitation Summary Endnotes Part III Remote Kernel Exploitation Chapter 7 Facing the Challenges of Remote Kernel Exploitation Introduction Attacking Remote Vulnerabilities Executing the First I
- No. of pages:
- © Syngress 2011
- 15th September 2010
- eBook ISBN:
- Paperback ISBN:
Enrico Perla currently works as a kernel programmer at Oracle. He received his B.Sc. in Computer Science from the University of Torino, and his M.Sc. in Computer Science from Trinity College Dublin. His interests range from low-level system programming to low-level system attacking, exploiting, and exploit countermeasures.
Kernel Programmer, Oracle
Massimiliano Oldani currently works as a Security Consultant at Emaze Networks. His main research topics include operating system security and kernel vulnerabilities.
Security Consultant, Emaze Networks
"A very interesting book that not only exposes readers to kernel exploitation techniques, but also deeply motivates the study of operating systems internals, moving such study far beyond simple curiosity."--Golden G. Richard III, Ph.D., Professor of Computer Science, University of New Orleans and CTO, Digital Forensics Solutions, LLC