Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Kernel Exploitation with a File System Fuzzer

Hack In The Box Security Conference via YouTube

Overview

Explore kernel exploitation techniques using a file system fuzzer in this 43-minute conference talk from Hack In The Box Security Conference. Discover how researchers utilized JANUS, a filesystem fuzzer developed by Georgia Tech Systems Software & Security Lab, to uncover 16 unique vulnerabilities. Learn about the challenges of filesystem exploitation, including code complexity and the gap between finding crashes and achieving arbitrary code execution. Gain insights into Linux kernel exploit techniques, R/W primitive attacks, and kernel control flow hijacking. Examine the structure and limitations of filesystems as attack surfaces, and understand the process of porting JANUS to the latest kernel version. Get introduced to new tools for crash-proof triage and filesystem fuzzing monitoring. Delve into topics such as file system fundamentals, vulnerability classification, exploitation methods, and specific case studies involving App2FS, MTime, and Use-After-Free vulnerabilities.

Syllabus

Introduction
Table of Contents
File System
CV Ratio
Slab of Vulnerability
App2FS
MTime
Exe
UAF
Kernel Exploitation Methods

Taught by

Hack In The Box Security Conference

Reviews

Start your review of Kernel Exploitation with a File System Fuzzer

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.