Linux Kernel Hacking: A to Z

💡 Course Features

This course is designed to provide general knowledge about Linux kernel hacking.

Linux kernel hacking is a field that has very little study material in Korea, and there are numerous difficulties starting from the environment configuration stage. However, if you take this course, you can easily study not only environment configuration , but also various protection techniques bypass methods and various vulnerabilities .

Also, unlike other information security lectures that simply teach how to use specific tools or reintroduce already well-known hacking techniques, this lecture is characterized by introducing various exploit techniques based on the low-level operating principles.

▲ Privilege escalation caused by exploiting a vulnerability in the Linux kernel

In recent years, Linux kernel problems have been consistently included in major CTFs. Recently, the frequency of appearances has been increasing. If you "completely" understand this lecture, you will be able to solve most of the Linux kernel problems presented in CTFs, and I would like to tell you that it will be of great help in finding vulnerabilities in the real world.

Lastly, the most notable feature of this course is that the instructor provides practice example files for each lecture. Through these practice example files, students can follow the lectures and debug them themselves.

📖 What will you learn in each section?

▲ Section 4.6. Userfaultfd Utilization Technique Lecture Materials

This lecture consists mostly of presentations using Keynote, as in the examples above.

• Section 0. Lecture Prologue

Before we begin the lecture in earnest, this section provides a brief introduction to the instructor and explains the lecture plan.

• Section 1. Linux Kernel Hacking Background

This section covers the basic background knowledge needed to hack the Linux kernel.

• Section 2. Setting up the Linux Kernel Analysis Environment

This section will show you how to set up an environment for debugging the Linux kernel. In the process of setting up an environment for the real world, you will build the Linux kernel and file system yourself, and in the process of setting up an environment for CTF, you will learn about the preparation process for solving a problem.

• Section 3. Linux Kernel Protection Techniques and Bypasses

This section will learn about the various protection techniques of the Linux kernel and practice techniques to bypass each protection technique. The protection techniques to be studied are those of Intel series architectures, and a total of 6 protection techniques will be studied. In addition, from this section onwards, practice example files will be provided for each lecture.

• Section 4. Practice with various kernel attack techniques

This section explores various techniques that can be used to escalate privileges when a Linux kernel vulnerability is exploited.

• Section 5. Analysis of various Linux kernel vulnerabilities

This section covers the different types of vulnerabilities that can occur in the Linux kernel.

• Section 6. Practice Contest Problems - Input Test Driver

This is a section where we solve Linux kernel problems that were actually presented in CTF. The problem to be solved is the Input Test Driver problem presented in the 2020 Defenit CTF , a competition run by the instructor's team.

• Section 7. Lecture Epilogue

This section concludes the lecture by introducing references that will be helpful when studying the Linux kernel.

✏️ Background knowledge for attending lectures

• Minimum background knowledge

1. C language

• Recommended Background Knowledge

1. Knowledge related to system hacking (BOF, ROP, UAF, etc.)
2. Assembly language (x86_64)

🙋🏻‍♂️ Expected Questions Q&A

Q. I have never hacked a system before and I don't know assembly language. Can I still take the course?
A. When producing each lecture, we make it so that even those who are not experts in system hacking can listen to it, so whenever a new term appears, an explanation for it is included in the lecture.

However, since this is a summarized explanation, you should study it in parallel with searching Google when you encounter concepts you don't know, and keep in mind that if you take the course without any knowledge of system hacking, the learning period will be much longer.

Q. What version of Linux do you use?
A. In my case, I used Ubuntu 18.04 version. (https://releases.ubuntu.com/18.04/)

Q. The lectures are serialized, so when will the remaining lectures be uploaded?
A. All lectures have now been uploaded.