By Pray3r
-[ 0. About this documentation
I am researching Linux kernel exploitation for the outline and reference books/papers. I will keep updating this list and share some of my findings on HardenedLinux. If you have any questions or suggestions, don’t hesitate to contact me.
-[ 1. Review
- Linux Memory Management
-[ 2. Exploitation
-[ 2.1 Attack Surface
-[ 2.2 A Taxonomy of Kernel Vulnerabilities
-[ 2.3 Finding VULNS/BUGS
-[ 2.3.1 Fuzzing
Reading/modifying these tools’ code, and I try to write a new one.
-[ 2.3.2 Code Audit
-[ 2.4 Kernel Exploitation
-[ 2.5 Bypass Self-protection (Stable Exploit)
-[ 3. Reference Books
- Linux Kernel Development, 3rd Edition – Robert Love [Amazon]
- Understanding the Linux Kernel, 3rd Edition – Daniel P. Bovet, Marco Cesati [Amazon]
- Linux Device Drivers, 3rd Edition – Jonathan Corbet, Alessandro Rubini, Greg Kroah-Hartman [Amazon]
- Understanding Linux Network Internals – Christian Benvenuti [Amazon]
- Understanding The Linux Virtual Memory Manager – Mel Gorman [Amazon]
- A Bug Hunter’s Diary: A Guided Tour Through the Wilds of Software Security – Tobias Klein [Amazon]
- Hacking: The Art of Exploitation, 2nd Edition – Jon Erickson [Amazon]
- A Guide to Kernel Exploitation: Attacking the Core – Enrico Perla, Massimiliano Oldani [Amazon]
- The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities – Mark Dowd, John McDonald, Justin Schuh [Amazon]
- Fuzzing: Brute Force Vulnerability Discovery – Michael Sutton, Adam Greene, Pedram Amini [Amazon]
- Fuzzing for Software Security Testing and Quality Assurance – Ari Takanen, Jared DeMott, Charlie Miller [Amazon]
-[ 4. Reference Papers
- Intel® 64 and IA-32 Architectures Software Developer Manuals
- Attacking the Core: Kernel Exploiting Notes
- Linux Kernel Heap Tampering Detection
- Linux Kernel CAN SLUB Overflow
- A Heap of Trouble: Breaking the Linux Kernel SLOB Allocator
- Automatic Bug-finding Techniques for Linux Kernel
- Vulnerability Extrapolation: Assisted Discovery of Vulnerabilities Using Machine Learning
- Offset2lib: bypassing full ASLR on 64bit Linux
- 64-bit Linux Return-Oriented Programming
- Defeating Solar Designer’s Non-executable Stack Patch Summary
- Introduction to return oriented programming (ROP)
- The advanced return-into-lib(c) exploits: PaX case study