Joel Eriksson & Panel: Kernel Wars
Manage episode 152211986 series 1053194
Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Black Hat Briefings, USA 2007 [Video] Presentations from the security conference. 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
Kernel vulnerabilities are often deemed unexploitable or at least unlikely to be exploited reliably. Although it's true that kernel-mode exploitation often presents some new challenges for exploit developers, it still all boils down to ""creative debugging"" and knowledge about the target in question.
This talk intends to demystify kernel-mode exploitation by demonstrating the analysis and reliable exploitation of three different kernel vulnerabilities without public exploits. From a defenders point of view this could hopefully serve as an eye-opener, as it demonstrates the ineffectiveness of HIDS, NX, ASLR and other protective measures when the kernel itself is being exploited.
The entire process will be discussed, including how the vulnerabilities were found, how they were analyzed to determine if and how they can be reliably exploited and of course the exploits will be demonstrated in practice.
The vulnerabilities that will be discussed are:
- FreeBSD 802.11 Management Frame Integer Overflow
Found and exploited by Karl Janmar.
Advisory: http://www.signedness.org/advisories/sps-0x1.txt
- NetBSD Local Kernel Heap Overflow
Found by Christer ?berg, exploited by Christer ?berg and Joel Eriksson.
- Windows (2000 & XP) Local GDI Memory Overwrite
Found by Cesar Cerrudo, exploited by Joel Eriksson.
Advisory: http://projects.info-pull.com/mokb/MOKB-06-11-2006.html
More information about the vulnerabilities can be found at:
http://kernelwars.blogspot.com/
…
continue reading
This talk intends to demystify kernel-mode exploitation by demonstrating the analysis and reliable exploitation of three different kernel vulnerabilities without public exploits. From a defenders point of view this could hopefully serve as an eye-opener, as it demonstrates the ineffectiveness of HIDS, NX, ASLR and other protective measures when the kernel itself is being exploited.
The entire process will be discussed, including how the vulnerabilities were found, how they were analyzed to determine if and how they can be reliably exploited and of course the exploits will be demonstrated in practice.
The vulnerabilities that will be discussed are:
- FreeBSD 802.11 Management Frame Integer Overflow
Found and exploited by Karl Janmar.
Advisory: http://www.signedness.org/advisories/sps-0x1.txt
- NetBSD Local Kernel Heap Overflow
Found by Christer ?berg, exploited by Christer ?berg and Joel Eriksson.
- Windows (2000 & XP) Local GDI Memory Overwrite
Found by Cesar Cerrudo, exploited by Joel Eriksson.
Advisory: http://projects.info-pull.com/mokb/MOKB-06-11-2006.html
More information about the vulnerabilities can be found at:
http://kernelwars.blogspot.com/
89 에피소드