Breaking Bits
Linux kernel exploit development


Last updated 3 years ago


Inspired by Midas's series on Linux kernel exploit development, this series follows the same pattern of exploit mitigations using pwn.college's kernel, and includes all of my code and examples here.

Topics include:

* Setup
* Interacting with kernel modules (ioctl, character devices)
* Stack cookies
* KASLR
* SMEP
* SMAP
* KPTI
* modprobe_path
* cred_struct overwriting

Protections TLDR:

KASLR - Kernel Address Space Layout Randomization. The kernel's load address is randomized at boot, so an exploit requires an address leak first.

SMEP - Supervisor Mode Execution Prevention. While the CPU is in kernel mode it can't execute code located in userspace pages (kind of like DEP/NX).

SMAP - Supervisor Mode Access Prevention. While in kernel mode the CPU can't read or write userspace pages either, which makes stack pivots into user memory harder.

KPTI - Kernel Page Table Isolation. Kernel space and user space get separate page tables, so every transition has to swap between them.
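Before working through the chapters it helps to confirm which of the protections above are actually active on the kernel you are looking at, whether that is the lab VM or a production host you are hardening. The following is an added example, not code from this series or from pwn.college: a small userland audit that reads the standard Linux interfaces for each mitigation. It assumes an x86 Linux host, that `/boot/config-<release>` exists for the running kernel (many distributions ship it; if not, `CONFIG_*` checks are simply skipped), and that the sample inputs in the comments are constructed.

```c
/* Mitigation audit for the protections listed above. Added example, not
 * code from the Breaking Bits series. Assumes an x86 Linux host; the
 * interfaces read are the standard kernel ones named in each comment. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/utsname.h>

/* SMEP/SMAP/KPTI: /proc/cpuinfo lists "smep", "smap" and "pti" on the
 * "flags" line once the kernel has enabled them. Whole-word match only,
 * so "smap" does not match a (constructed) "smapx" entry. */
int cpuinfo_has_flag(const char *cpuinfo, const char *flag)
{
    const char *line = strstr(cpuinfo, "flags");
    if (!line)
        return 0;
    const char *nl = strchr(line, '\n');
    const char *end = nl ? nl : line + strlen(line);
    size_t flen = strlen(flag);
    for (const char *p = line; p + flen <= end; p++) {
        int starts = (p == line) || p[-1] == ' ' || p[-1] == '\t' || p[-1] == ':';
        int ends = (p + flen == end) || p[flen] == ' ';
        if (starts && ends && strncmp(p, flag, flen) == 0)
            return 1;
    }
    return 0;
}

/* KPTI: /sys/devices/system/cpu/vulnerabilities/meltdown reads
 * "Mitigation: PTI" while page-table isolation is active. */
int kpti_active(const char *meltdown_text)
{
    return strstr(meltdown_text, "PTI") != NULL;
}

/* KASLR leak surface: /proc/sys/kernel/kptr_restrict (1 or 2 hides %pK
 * pointers) and /proc/sys/kernel/dmesg_restrict (1 blocks dmesg for
 * unprivileged users). Each file holds a single number such as "1\n". */
int sysctl_restricts(const char *value_text)
{
    return strtol(value_text, NULL, 10) >= 1;
}

/* With kptr_restrict in effect, /proc/kallsyms shows every address as
 * zeros to unprivileged readers; an all-zero first address means the
 * symbol table leaks nothing about the KASLR slide. */
int kallsyms_addrs_hidden(const char *kallsyms_first_line)
{
    const char *p = kallsyms_first_line;
    if (*p == '\0' || *p == ' ')
        return 0;
    for (; *p && *p != ' '; p++)
        if (*p != '0')
            return 0;
    return 1;
}

/* Stack cookies and KASLR are build-time options; /boot/config-<release>
 * records them as e.g. "CONFIG_STACKPROTECTOR_STRONG=y". Matches only a
 * whole line, so "# CONFIG_X is not set" and longer names do not count. */
int kconfig_enabled(const char *config_text, const char *option)
{
    char needle[128];
    int n = snprintf(needle, sizeof needle, "%s=y", option);
    if (n <= 0 || (size_t)n >= sizeof needle)
        return 0;
    for (const char *hit = strstr(config_text, needle); hit; hit = strstr(hit + 1, needle)) {
        int at_line_start = (hit == config_text) || hit[-1] == '\n';
        if (at_line_start && (hit[n] == '\n' || hit[n] == '\0'))
            return 1;
    }
    return 0;
}

/* Read up to size-1 bytes of a file into buf; returns bytes read or -1. */
static int read_text(const char *path, char *buf, size_t size)
{
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    size_t n = fread(buf, 1, size - 1, f);
    fclose(f);
    buf[n] = '\0';
    return (int)n;
}

int main(void)
{
    static char buf[1 << 20]; /* 1 MiB: large enough for cpuinfo and a distro kernel config */
    const char *state[2] = { "off / not reported", "on" };
    if (read_text("/proc/cpuinfo", buf, sizeof buf) > 0) {
        printf("SMEP (cpuinfo smep):   %s\n", state[cpuinfo_has_flag(buf, "smep")]);
        printf("SMAP (cpuinfo smap):   %s\n", state[cpuinfo_has_flag(buf, "smap")]);
        printf("KPTI (cpuinfo pti):    %s\n", state[cpuinfo_has_flag(buf, "pti")]);
    }
    if (read_text("/sys/devices/system/cpu/vulnerabilities/meltdown", buf, sizeof buf) > 0)
        printf("KPTI (meltdown sysfs): %s\n", state[kpti_active(buf)]);
    if (read_text("/proc/sys/kernel/kptr_restrict", buf, sizeof buf) > 0)
        printf("kptr_restrict:         %s\n", state[sysctl_restricts(buf)]);
    if (read_text("/proc/sys/kernel/dmesg_restrict", buf, sizeof buf) > 0)
        printf("dmesg_restrict:        %s\n", state[sysctl_restricts(buf)]);
    if (read_text("/proc/kallsyms", buf, sizeof buf) > 0)
        printf("kallsyms hidden:       %s\n", state[kallsyms_addrs_hidden(buf)]);
    struct utsname u;
    char path[256];
    if (uname(&u) == 0) {
        snprintf(path, sizeof path, "/boot/config-%s", u.release);
        if (read_text(path, buf, sizeof buf) > 0) {
            printf("KASLR (CONFIG_RANDOMIZE_BASE): %s\n",
                   state[kconfig_enabled(buf, "CONFIG_RANDOMIZE_BASE")]);
            printf("stack cookies (CONFIG_STACKPROTECTOR*): %s\n",
                   state[kconfig_enabled(buf, "CONFIG_STACKPROTECTOR") ||
                         kconfig_enabled(buf, "CONFIG_STACKPROTECTOR_STRONG")]);
        }
    }
    return 0;
}
```

Run it as an unprivileged user as well as root: the kallsyms line is the one whose answer changes with privilege, and that difference is exactly the leak surface KASLR depends on being closed. The cpuinfo flags reflect what the running kernel enabled, so a CPU that supports SMAP but booted with it disabled will correctly show "off".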