Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

FUZE - Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities

USENIX via YouTube

Overview

Explore a conference talk on FUZE, a framework designed to facilitate exploit generation for kernel Use-After-Free (UAF) vulnerabilities. Delve into the challenges of accurately determining exploitability and the need for automated techniques. Learn how FUZE combines kernel fuzzing with symbolic execution to identify and analyze system calls useful for kernel UAF exploitation. Discover the framework's implementation on a 64-bit Linux system and its effectiveness in escalating exploitability and diversifying working exploits for 15 real-world kernel UAF vulnerabilities. Gain insights into how FUZE can aid in security mitigation bypassing and make exploitability evaluation more efficient and less labor-intensive.

Syllabus

Intro
Background (cont.)
Crafting an Exploit for Kernel Use-After-Free
Needs Intensive Manual Efforts
Needs Extensive Expertise in Kernel
Needs Security Expertise
Some Past Research Potentially Tackling the Challenges
A Real World Example (CVE-2017-15649)
No Primitive Needed for Exploitation
Roadmap
FUZE - Extracting Critical Info.
FUZE - Performing Kernel Fuzzing
FUZE - Performing Symbolic Execution
Useful primitive identification
Case Study (cont)
Discussion on Failure Cases
Conclusion
Questions
THE ADVANCED COMPUTING SYSTEMS ASSOCIATION

Taught by

USENIX

Reviews

Start your review of FUZE - Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.