A Guide to Kernel Exploitation - 1st Edition - ISBN: 9781597494861, 9781597494878

A Guide to Kernel Exploitation

1st Edition

Attacking the Core

Authors: Enrico Perla, Massimiliano Oldani
eBook ISBN: 9781597494878
eBook ISBN: 9781597496308
Paperback ISBN: 9781597494861
Imprint: Syngress
Published Date: 15th September 2010
Page Count: 464
Description

A Guide to Kernel Exploitation: Attacking the Core discusses the theoretical techniques and approaches needed to develop reliable and effective kernel-level exploits, and applies them to different operating systems, namely, UNIX derivatives, Mac OS X, and Windows. Concepts and tactics are presented categorically so that even when a specifically detailed vulnerability has been patched, the foundational information provided will help hackers in writing a newer, better attack; or help pen testers, auditors, and the like develop a more concrete design and defensive structure. The book is organized into four parts. Part I introduces the kernel and sets out the theoretical basis on which to build the rest of the book. Part II focuses on different operating systems and describes exploits for them that target various bug classes. Part III on remote kernel exploitation analyzes the effects of the remote scenario and presents new techniques to target remote issues. It includes a step-by-step analysis of the development of a reliable, one-shot, remote exploit for a real vulnerability, a bug affecting the SCTP subsystem found in the Linux kernel. Finally, Part IV wraps up the analysis on kernel exploitation and looks at what the future may hold.

Key Features

  • Covers a range of operating system families — UNIX derivatives, Mac OS X, Windows
  • Details common scenarios such as generic memory corruption (stack overflow, heap overflow, etc.) issues, logical bugs and race conditions
  • Delivers the reader from user-land exploitation to the world of kernel-land (OS) exploits/attacks, with a particular focus on the steps that lead to the creation of successful techniques, in order to give the reader something more than just a set of tricks


Readership

Intermediate to advanced pen testers, hackers and OS system designers and developers

Table of Contents


Foreword

Preface

Acknowledgments

About the Authors

About the Technical Editor

Part I A Journey to Kernel Land

Chapter 1 From User-Land to Kernel-Land Attacks

Introduction

Introducing the Kernel and the World of Kernel Exploitation

Why Doesn’t My User-Land Exploit Work Anymore?

An Exploit Writer’s View of the Kernel

Open Source versus Closed Source Operating Systems

Summary

Related Reading

Endnote

Chapter 2 A Taxonomy of Kernel Vulnerabilities

Introduction

Uninitialized/Nonvalidated/Corrupted Pointer Dereference

Memory Corruption Vulnerabilities

Integer Issues

Race Conditions

Logic Bugs (a.k.a. the Bug Grab Bag)

Summary

Endnotes

Chapter 3 Stairway to Successful Kernel Exploitation

Introduction

A Look at the Architecture Level

The Execution Step

The Triggering Step

The Information-Gathering Step

Summary

Related Reading

Part II The UNIX Family, Mac OS X, and Windows

Chapter 4 The UNIX Family

Introduction

The Members of the UNIX Family

The Execution Step

Practical UNIX Exploitation

Summary

Endnotes

Chapter 5 Mac OS X

Introduction

An Overview of XNU

Kernel Debugging

Kernel Extensions (Kext)

The Execution Step

Exploitation Notes

Summary

Endnotes

Chapter 6 Windows

Introduction

Windows Kernel Overview

The Execution Step

Practical Windows Exploitation

Summary

Endnotes

Part III Remote Kernel Exploitation

Chapter 7 Facing the Challenges of Remote Kernel Exploitation

Introduction

Attacking Remote Vulnerabilities

Executing the First Instruction

Remote Payloads

Summary

Endnote

Chapter 8 Putting It All Together: A Linux Case Study

Introduction

SCTP FWD Chunk Heap Memory Corruption

Remote Exploitation: An Overall Analysis

Getting the Arbitrary Memory Overwrite Primitive

Installing the Shellcode

Executing the Shellcode

Summary

Related Reading

Endnote

Part IV Final Words

Chapter 9 Kernel Evolution: Future Forms of Attack and Defense

Introduction

Kernel Attacks

Kernel Defense

Beyond Kernel Bugs: Virtualization

Summary

Index






Details

No. of pages: 464
Language: English
Copyright: © Syngress 2011
Published: 15th September 2010
Imprint: Syngress
eBook ISBN: 9781597494878
eBook ISBN: 9781597496308
Paperback ISBN: 9781597494861

About the Author

Enrico Perla

Enrico Perla currently works as a kernel programmer at Oracle. He received his B.Sc. in Computer Science from the University of Torino, and his M.Sc. in Computer Science from Trinity College Dublin. His interests range from low-level system programming to low-level system attacking, exploiting, and exploit countermeasures.

Affiliations and Expertise

Kernel Programmer, Oracle

Massimiliano Oldani

Massimiliano Oldani currently works as a Security Consultant at Emaze Networks. His main research topics include operating system security and kernel vulnerabilities.

Affiliations and Expertise

Security Consultant, Emaze Networks

Reviews

"A very interesting book that not only exposes readers to kernel exploitation techniques, but also deeply motivates the study of operating systems internals, moving such study far beyond simple curiosity."--Golden G. Richard III, Ph.D., Professor of Computer Science, University of New Orleans and CTO, Digital Forensics Solutions, LLC
