Breaking Bits

Linux kernel exploit development

Inspired by Midas's series on Linux kernel exploit development, this series follows the same progression through kernel exploit mitigations, using pwn.college's kernel as the target. All of my code and examples are included here.
Topics include:
* Setup
* Interacting with kernel modules (ioctl, character devices)
* Stack cookies
* KASLR
* SMEP
* SMAP
* KPTI
* modprobe_path
* cred_struct overwriting
Protections TLDR:
KASLR - Randomizes the kernel's load address, so an exploit needs an address leak before it can target kernel code or data
SMEP - The CPU refuses to execute code from userspace pages while in kernel mode, so shellcode placed in userspace cannot be jumped to (similar in spirit to DEP/NX)
SMAP - The CPU refuses to read from or write to userspace pages while in kernel mode, which makes stack pivots into user-controlled memory much harder
KPTI - Separates kernel and user address spaces using different page tables, which the kernel must swap between on every entry and exit