A Guide to Kernel Exploitation: Attacking the Core
A Guide to Kernel Exploitation: Attacking the Core discusses the theoretical techniques and approaches needed to develop reliable and effective kernel-level exploits, and applies them to different operating systems, namely, UNIX derivatives, Mac OS X, and Windows. Concepts and tactics are presented categorically so that even when a specifically detailed vulnerability has been patched, the foundational information provided will help hackers in writing a newer, better attack; or help pen testers, auditors, and the like develop a more concrete design and defensive structure.
The book is organized into four parts. Part I introduces the kernel and sets out the theoretical basis on which to build the rest of the book. Part II focuses on different operating systems and describes exploits for them that target various bug classes. Part III on remote kernel exploitation analyzes the effects of the remote scenario and presents new techniques to target remote issues. It includes a step-by-step analysis of the development of a reliable, one-shot, remote exploit for a real vulnerabilitya bug affecting the SCTP subsystem found in the Linux kernel. Finally, Part IV wraps up the analysis on kernel exploitation and looks at what the future may hold.
Other editions - View all
0xdeadbeef access token addr address space approach arbitrary architecture array attacker binary buffer overflow bugs bytes cache Chapter char chunk create debugging dereference descriptor discuss driver DTrace entry EPROCESS structure example execution free object function pointer handler heap hypervisor implementation inside instruction integer ioctl kernel exploitation kernel extension kernel land kernel memory kernel path kernel stack Let,s Linux kernel load look Mac OS X machine mapping memory corruption module NULL offset OpenSolaris operating system overwrite parameters patches payload printf privileges race conditions remote kernel return address scenario SCTP segment shellcode simply slab allocator specific stored struct syscall sysent system call target technique trigger UNIX unsigned long user space user-land user-land process user-mode variable vDSO virtual address void vulnerability we,ll Windows Server 2003 write