The existing collection of links related to Linux kernel security and exploitation is here:
https://github.com/xairy/linux-kernel-exploitation
New articles, talks, and other updates will be published as new posts on this channel.
Linux kernel exploitation collection updates
Materials updates for September/October.
https://github.com/xairy/linux-kernel-exploitation/commit/bedc708384015c8c5535d6ee947363659fbf4227
Fuzzing for eBPF JIT bugs in the Linux kernel
By Simon Scannell.
https://scannell.me/fuzzing-for-ebpf-jit-bugs-in-the-linux-kernel/
The Linux eBPF verifier, the gift that keeps on giving
An LPE exploit for CVE-2020-27194.
https://haxx.in/blasty-vs-ebpf.c
kasan: boot parameters for hardware tag-based mode
Patchset, part of the Memory Tagging in production effort.
https://lkml.org/lkml/2020/11/4/1338
PLATYPUS: Software-based Power Side-Channel Attacks on x86
Side-channel attack via Intel Running Average Power Limit (RAPL). On Linux, RAPL counters are available to unprivileged users, and the attack allows leaking encryption keys from kernel modules and bypassing KASLR.
Info: https://platypusattack.com/
Paper: https://platypusattack.com/platypus.pdf
Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=949dd0104c496fa7c14991a23c03c62e44637e71
We now have a chat for comments and discussions: @linkersec_chat
Debugging the Kernel with QEMU by Keith Makan
The first post of a potential upcoming Linux kernel exploitation series. Building and running the Linux kernel in QEMU. Debugging a kernel module with GDB.
https://blog.k3170makan.com/2020/11/linux-kernel-exploitation-0x0-debugging.html