Exploiting UAF by Ret2bpf in Android Kernel

Hack In The Box Security Conference via YouTube

Overview

Explore the intricacies of exploiting a Use-After-Free vulnerability in the Android kernel through a comprehensive conference talk from the Hack In The Box Security Conference. Delve into the discovery and analysis of CVE-2021-0399, a 10-year-old vulnerability in the xt_qtaguid kernel module used for monitoring network socket status. Learn about the history of vulnerabilities in this module and various exploitation techniques, with a focus on circumventing CONFIG_ARM64_UAO using the ret2bpf method. Witness a video demonstration of local privilege escalation on a Mi9 device running the latest version of Android Pie with modern kernel protections. Gain insights into additional mitigations in current Android versions, Google's knowledge of the vulnerability, and their methods for statically and dynamically detecting Android exploit samples, including the use of eBPF. Benefit from the expertise of presenters Xingyu Jin and Richard Neal, experienced security engineers from Google's Android Security team, as they share their knowledge on Android kernel exploit analysis, detection, and malware research.

Syllabus

#HITB2021SIN D1T1 - Exploiting UAF By Ret2bpf In Android Kernel - Xingyu Jin & Richard Neal

Taught by

Hack In The Box Security Conference
