The Art of Exploiting UAF by Ret2bpf in Android Kernel

The Art of Exploiting UAF by Ret2bpf in Android Kernel

Black Hat via YouTube Direct link

KASLR Leak

7 of 21

7 of 21

KASLR Leak

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

The Art of Exploiting UAF by Ret2bpf in Android Kernel

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 xt_qtaguld - Introduction
  3. 3 xt_qtagulud Open Device
  4. 4 CVE-2017-13273
  5. 5 eventfd leaks kernel heap address
  6. 6 Step 1 - Double Free on kmalloc-128
  7. 7 KASLR Leak
  8. 8 Rooting (possible primitives)
  9. 9 Step 3 - Rooting (controlling seq_operations)
  10. 10 Step 3 - Rooting (overwriting addr_limit?)
  11. 11 Step 3 - Rooting (the ultimate ROP)
  12. 12 Step 3 - Rooting (root shell)
  13. 13 Summarization for Exploiting CVE-2021-0399
  14. 14 CONFIG_SLAB_FREELIST HARDENED
  15. 15 KFENCE
  16. 16 Kernel Control Flow Integrity
  17. 17 CONFIG_DEBUG_LIST
  18. 18 On-Device Protection
  19. 19 Backend Infrastructure
  20. 20 Behavioural Detection
  21. 21 Summary

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.