Breaking the Glass Sandbox

Explore techniques for discovering reachable code paths and exploitable bugs in Linux kernel sandboxes in this 51-minute conference talk from Recon 2022. Learn how to identify vulnerable kernel components, write simple bug reproducers, and apply these methods for both offensive and defensive purposes. Gain insights into targeting exposed code paths to find valuable bugs, monitoring commits for silent security fixes, and determining the usability of syzbot-reported issues. Discover neat tricks to access more vulnerable code and understand the importance of these techniques in the context of sandboxed environments like Android apps. Walk away with practical knowledge on attack surface reduction, kernel hardening, and identifying kernel components ripe for exploitation.