Table of Contents

• Introduction to Linux Kernel Exploitation
• Setting up kernel debugging with gdb and qemu
• Understanding virtual device model and ioctls in Linux
• Understanding process privileges in kernel mode
• Getting your hands dirty with first crash
• Controlling EIP in kernel
• Introduction to Ret2usr attack
• Introduction to kROP to bypass SMEP
• Bypassing KASLR
• Understanding Linux Kernel Heap
• Triggering heap overflow
• Heap Spraying in Linux Kernel
• Leaking kernel pointers from heap objects
• Bypassing KASLR
• Generating kROP for exploit
• Getting Code Execution


• Understanding Use After Free
• Heap Spraying
• Bypassing KASLR
• Bypassing SMEP using kROP
• Getting Code Execution


Prerequisites

• Familiarity with Intel x86 and x86_64 assembly
• Experience with debuggers (gdb preferred)
• Understanding of C and assembly languages
• Familiarity with Linux
• Previous experience with user-mode exploitation techniques and mitigation bypasses (such as buffer overflow, stack canaries, DEP and ASLR)

Hardware and Software Requirements

• At least 8 GB RAM (16 GB preferred)
• Intel-based processor (no Apple Silicon Macs)
• Ubuntu 64-bit as a virtual machine

Himanshu Khokhar Jaat
Hall Name: Hall 2
Time: 8 Hours

Linux Kernel Exploitation Bootcamp is an 8-hour training workshop focused on providing an introduction to Linux kernel exploitation. Exploiting memory corruption vulnerabilities in user mode is getting harder and harder, as there are many mitigations, from secure coding guidelines to compiler flags enabled by default to OS-provided functionality, that compensate for binaries that are not actively hardened. From an attacker's perspective, the Linux kernel is a more attractive target for gaining privileges: its code base is huge, and code execution in kernel mode results in complete system takeover.

Though the course is designed for absolute beginners in kernel exploitation, it does require an understanding of common exploitation techniques such as buffer overflows (stack and heap), integer overflows and use after free, and familiarity with exploit mitigation techniques such as stack canaries, NX/DEP, ASLR, etc.

By the end of the training, students will be comfortable exploiting common kernel vulnerabilities such as stack- and heap-based overflows, out-of-bounds reads/writes and use after free, as well as bypassing SMEP, KPTI and ASLR.

About Speakers

Himanshu Khokhar Jaat is an accomplished vulnerability researcher and cyber security speaker who has a profound enthusiasm for malware research, operating system security, and low-level attacks, with an emphasis on finding and addressing vulnerabilities in complex systems utilising cutting-edge tools and methods. He has spoken at a number of conferences, including leHack, BSides Maharashtra, UnitedCon, and many null | OWASP chapters, on the subjects of rootkits, reverse engineering, and exploitation on ARM and Windows kernel platforms. He is currently focused on Linux kernel attacks on general-purpose as well as embedded platforms.

Twitter: @rwprimitive