A Guide to Kernel Exploitation
Attacking the Core
- 1st Edition - September 15, 2010
- Authors: Enrico Perla, Massimiliano Oldani
- Language: English
- Paperback ISBN:9 7 8 - 1 - 5 9 7 4 9 - 4 8 6 - 1
- eBook ISBN:9 7 8 - 1 - 5 9 7 4 9 - 4 8 7 - 8
A Guide to Kernel Exploitation: Attacking the Core discusses the theoretical techniques and approaches needed to develop reliable and effective kernel-level exploits, and applie… Read more
Purchase options
Institutional subscription on ScienceDirect
Request a sales quoteA Guide to Kernel Exploitation: Attacking the Core discusses the theoretical techniques and approaches needed to develop reliable and effective kernel-level exploits, and applies them to different operating systems, namely, UNIX derivatives, Mac OS X, and Windows. Concepts and tactics are presented categorically so that even when a specifically detailed vulnerability has been patched, the foundational information provided will help hackers in writing a newer, better attack; or help pen testers, auditors, and the like develop a more concrete design and defensive structure.
The book is organized into four parts. Part I introduces the kernel and sets out the theoretical basis on which to build the rest of the book. Part II focuses on different operating systems and describes exploits for them that target various bug classes. Part III on remote kernel exploitation analyzes the effects of the remote scenario and presents new techniques to target remote issues. It includes a step-by-step analysis of the development of a reliable, one-shot, remote exploit for a real vulnerabilitya bug affecting the SCTP subsystem found in the Linux kernel. Finally, Part IV wraps up the analysis on kernel exploitation and looks at what the future may hold.
The book is organized into four parts. Part I introduces the kernel and sets out the theoretical basis on which to build the rest of the book. Part II focuses on different operating systems and describes exploits for them that target various bug classes. Part III on remote kernel exploitation analyzes the effects of the remote scenario and presents new techniques to target remote issues. It includes a step-by-step analysis of the development of a reliable, one-shot, remote exploit for a real vulnerabilitya bug affecting the SCTP subsystem found in the Linux kernel. Finally, Part IV wraps up the analysis on kernel exploitation and looks at what the future may hold.
- Covers a range of operating system families — UNIX derivatives, Mac OS X, Windows
- Details common scenarios such as generic memory corruption (stack overflow, heap overflow, etc.) issues, logical bugs and race conditions
- Delivers the reader from user-land exploitation to the world of kernel-land (OS) exploits/attacks, with a particular focus on the steps that lead to the creation of successful techniques, in order to give to the reader something more than just a set of tricks
Intermediate to advanced pen testers, hackers and OS system designers and developers
Foreword
Preface
Acknowledgments
About the Authors
About the Technical Editor
Part I A Journey to Kernel Land
Chapter 1 From User-Land to Kernel-Land Attacks
Introduction
Introducing the Kernel and the World of Kernel Exploitation
Why Doesn’t My User-Land Exploit Work Anymore?
An Exploit Writer’s View of the Kernel
Open Source versus Closed Source Operating Systems
Summary
Related Reading
Endnote
Chapter 2 A Taxonomy of Kernel Vulnerabilities
Introduction
Uninitialized/Nonvalidated/Corrupted Pointer Dereference
Memory Corruption Vulnerabilities
Integer Issues
Race Conditions
Logic Bugs (a.k.a. the Bug Grab Bag)
Summary
Endnotes
Chapter 3 Stairway to Successful Kernel Exploitation
Introduction
A Look at the Architecture Level
The Execution Step
The Triggering Step
The Information-Gathering Step
Summary
Related Reading
Part II The UNIX Family, Mac OS X, and Windows
Chapter 4 The UNIX Family
Introduction
The Members of the UNIX Family
The Execution Step
Practical UNIX Exploitation
Summary
Endnotes
Chapter 5 Mac OS X
Introduction
An Overview of XNU
Kernel Debugging
Kernel Extensions (Kext)
The Execution Step
Exploitation Notes
Summary
Endnotes
Chapter 6 Windows
Introduction
Windows Kernel Overview
The Execution Step
Practical Windows Exploitation
Summary
Endnotes
Part III Remote Kernel Exploitation
Chapter 7 Facing the Challenges of Remote Kernel Exploitation
Introduction
Attacking Remote Vulnerabilities
Executing the First Instruction
Remote Payloads
Summary
Endnote
Chapter 8 Putting It All Together: A Linux Case Study
Introduction
SCTP FWD Chunk Heap Memory Corruption
Remote Exploitation: An Overall Analysis
Getting the Arbitrary Memory Overwrite Primitive
Installing the Shellcode
Executing the Shellcode
Summary
Related Reading
Endnote
Part IV Final Words
Chapter 9 Kernel Evolution: Future Forms of Attack and Defense
Introduction
Kernel Attacks
Kernel Defense
Beyond Kernel Bugs: Virtualization
Summary
Index
- No. of pages: 464
- Language: English
- Edition: 1
- Published: September 15, 2010
- Imprint: Syngress
- Paperback ISBN: 9781597494861
- eBook ISBN: 9781597494878
EP
Enrico Perla
Enrico Perla currently works as a kernel programmer at Oracle. He received his B.Sc. in Computer Science from the University of Torino, and his M.Sc. in Computer Science from Trinity College Dublin. His interests range from low-level system programming to low-level system attacking, exploiting, and exploit countermeasures.
Affiliations and expertise
Kernel Programmer, OracleMO
Massimiliano Oldani
Massimiliano Oldani currently works as a Security Consultant at Emaze Networks. His main research topics include operating system security and kernel vulnerabilities.
Affiliations and expertise
Security Consultant, Emaze NetworksRead A Guide to Kernel Exploitation on ScienceDirect