24C3 - 1.01

24th Chaos Communication Congress
Volldampf voraus!

Referenten
sgrakkyu
twiz
Programm
Tag Tag 3 (2007-12-29)
Raum Saal 3
Beginn 17:15
Dauer 01:00
Info
ID 2353
Veranstaltungstyp lecture
Track Hacking
Sprache en
Feedback

From Ring Zero to UID Zero

A couple of stories about kernel exploiting

The process of exploiting kernel based vulnerabilities is one of the topics which have received more attention (and kindled more interest) among security researchers, coders and addicted.

Due to the intrinsic complexity of the kernel, each exploit has been mostly a story on itself, and very little work has been done into finding a general modelization and presenting general exploiting approaches for at least some common categories of bugs. Moreover, the main target has usually been the Linux operating system on the x86 architecture.

This talk reprises and continues the attempt done in this direction with the Phrack64 paper “Attacking the Core: Kernel Explotation Notes” that we released six months ago. A more in-depth discussion of some Solaris kernel issue (both on x86 and SPARC) and a more detailed analysis of Race Conditions will be presented.

Archived page - Impressum/Datenschutz