A Guide to Kernel Exploitation

Attacking the Core

1st Edition - September 15, 2010

  • Authors: Enrico Perla, Massimiliano Oldani
  • Paperback ISBN: 9781597494861
  • eBook ISBN: 9781597494878

Description

A Guide to Kernel Exploitation: Attacking the Core discusses the theoretical techniques and approaches needed to develop reliable and effective kernel-level exploits, and applies them to different operating systems, namely UNIX derivatives, Mac OS X, and Windows. Concepts and tactics are presented by category, so that even after a specific vulnerability has been patched, the foundational material still helps attackers write a newer, better exploit, and helps pen testers, auditors, and OS developers design more concrete defensive structures.

The book is organized into four parts. Part I introduces the kernel and sets out the theoretical basis on which the rest of the book builds. Part II focuses on different operating systems and describes exploits for them that target various bug classes. Part III, on remote kernel exploitation, analyzes the effects of the remote scenario and presents new techniques for targeting remote issues. It includes a step-by-step analysis of the development of a reliable, one-shot, remote exploit for a real vulnerability: a bug affecting the SCTP subsystem of the Linux kernel. Finally, Part IV wraps up the analysis of kernel exploitation and looks at what the future may hold.

Key Features

  • Covers a range of operating system families — UNIX derivatives, Mac OS X, Windows
  • Details common scenarios such as generic memory corruption (stack overflow, heap overflow, etc.) issues, logical bugs and race conditions
  • Takes the reader from user-land exploitation to the world of kernel-land (OS) exploits and attacks, with a particular focus on the steps that lead to the creation of successful techniques, so that the reader gets more than just a set of tricks

Readership

Intermediate to advanced pen testers, hackers and OS system designers and developers

Table of Contents

  • Foreword
  • Preface
  • Acknowledgments
  • About the Authors
  • About the Technical Editor
  • Part I: A Journey to Kernel Land
      Chapter 1: From User-Land to Kernel-Land Attacks
        Introduction
        Introducing the Kernel and the World of Kernel Exploitation
        Why Doesn't My User-Land Exploit Work Anymore?
        An Exploit Writer's View of the Kernel
        Open Source versus Closed Source Operating Systems
        Summary
        Related Reading
        Endnote
      Chapter 2: A Taxonomy of Kernel Vulnerabilities
        Introduction
        Uninitialized/Nonvalidated/Corrupted Pointer Dereference
        Memory Corruption Vulnerabilities
        Integer Issues
        Race Conditions
        Logic Bugs (a.k.a. the Bug Grab Bag)
        Summary
        Endnotes
      Chapter 3: Stairway to Successful Kernel Exploitation
        Introduction
        A Look at the Architecture Level
        The Execution Step
        The Triggering Step
        The Information-Gathering Step
        Summary
        Related Reading
  • Part II: The UNIX Family, Mac OS X, and Windows
      Chapter 4: The UNIX Family
        Introduction
        The Members of the UNIX Family
        The Execution Step
        Practical UNIX Exploitation
        Summary
        Endnotes
      Chapter 5: Mac OS X
        Introduction
        An Overview of XNU
        Kernel Debugging
        Kernel Extensions (Kext)
        The Execution Step
        Exploitation Notes
        Summary
        Endnotes
      Chapter 6: Windows
        Introduction
        Windows Kernel Overview
        The Execution Step
        Practical Windows Exploitation
        Summary
        Endnotes
  • Part III: Remote Kernel Exploitation
      Chapter 7: Facing the Challenges of Remote Kernel Exploitation
        Introduction
        Attacking Remote Vulnerabilities
        Executing the First Instruction
        Remote Payloads
        Summary
        Endnote
      Chapter 8: Putting It All Together: A Linux Case Study
        Introduction
        SCTP FWD Chunk Heap Memory Corruption
        Remote Exploitation: An Overall Analysis
        Getting the Arbitrary Memory Overwrite Primitive
        Installing the Shellcode
        Executing the Shellcode
        Summary
        Related Reading
        Endnote
  • Part IV: Final Words
      Chapter 9: Kernel Evolution: Future Forms of Attack and Defense
        Introduction
        Kernel Attacks
        Kernel Defense
        Beyond Kernel Bugs: Virtualization
        Summary
  • Index

Product details

  • No. of pages: 464
  • Language: English
  • Copyright: © Syngress 2010
  • Published: September 15, 2010
  • Imprint: Syngress
  • Paperback ISBN: 9781597494861
  • eBook ISBN: 9781597494878

About the Authors

Enrico Perla

Enrico Perla currently works as a kernel programmer at Oracle. He received his B.Sc. in Computer Science from the University of Torino, and his M.Sc. in Computer Science from Trinity College Dublin. His interests range from low-level system programming to low-level system attacking, exploiting, and exploit countermeasures.

Affiliations and Expertise

Kernel Programmer, Oracle

Massimiliano Oldani

Massimiliano Oldani currently works as a Security Consultant at Emaze Networks. His main research topics include operating system security and kernel vulnerabilities.

Affiliations and Expertise

Security Consultant, Emaze Networks
