Syllabus
Introduction
About me
Agenda
Kernel Vulnerabilities
Linux
Kernel Attack Model
Why do they work
Protections
Summary
Questions
Return to Direct Map Memory
Kernel Space Layout
Role of Kernel Space Layout
Properties of the Region
Threat Model
Address aliasing
Attack
Location of synonym
Problems
How
Second problem
How Linux manages physical memory
How Linux manages page frames
What if page frames are not available
Physmap spraying
Physmap signatures
Vulnerability overview
Vulnerability data structure
Static kee
How to abuse it
How it works
What happens if this map is not executable
How this works
Demo
Exploit DB
Probability of success
Pagegas
Taught by
Black Hat