So you thought the Linternals series was hype? Get ready for the even SEO friendlier LiKE, a series on all things Linux kernel exploitation.
I just couldn't help myself, despite spending my work days doing kernel exploit development, I'm just that keen that I want to also cover it on my personal blog.
Seriously though, I think it's an extremely interesting topic for us to cover and will tie in nicely with the kernel internals knowledge we pick up from the Linternals series.
Highlighted well in P0's recent post "The More You Know, The More You Know You Don’t Know", I think there is value in sharing and educating industry on the methodology and techniques that are being used by attackers. Plus kernel stuff is just cool right?
In terms of actual content, there's lots of scope for topics we can cover, and I'm happy to hear your thoughts and suggestions. I have a few different areas I'd like to cover:
- Kernel exploitation techniques: often times kernel exploitation techniques are covered as part of a broader post on exploiting a particular bug, so I want to spend some time putting the spotlight on specific techniques - talking about when, why and how they're used as well as covering existing, future or possible mitigations.
- Perhaps also highlighting mitigations? Talking about existing or upcoming security mitigations and how they impact(ed) the kernel exploitation space
- Classic kernel writeups: whether CTFs or real world PoCs, I'm happy to spend some time providing technical coverage/analysis of cool stuff if that content isn't already out there
Feel free to fire any questions, suggestions or *gasp* corrections my way @sam4k.
Similar to the Linternals post, going forward I'll keep this up-to-date as a sort of table of content for published posts in the LiKE series.
- LiKE Techniques: modprobe_path
- So You Wanna Pwn The Kernel?: An introduction to learning kernel exploitation
Additionally, here's some kernel vulnerability research & exploit development related research or tools I've posted about too: