This lecture analyzes various protection techniques in the Linux kernel, methods to bypass them, and various vulnerabilities. Practical examples are provided for each lecture.
This course is designed to provide general knowledge about Linux kernel hacking.
Linux kernel hacking is a field with very little study material in Korea, and there are numerous difficulties starting from the environment configuration stage. However, if you take this course, you can easily study not only environment configuration, but also methods for bypassing various protection techniques and various vulnerabilities.
Also, unlike other information security lectures that simply teach how to use specific tools or reintroduce already well-known hacking techniques, this lecture is characterized by introducing various exploit techniques based on the low-level operating principles.
▲ Privilege escalation caused by exploiting a vulnerability in the Linux kernel
In recent years, Linux kernel problems have been consistently included in major CTFs, and recently they have been appearing more frequently. If you "completely" understand this lecture, you will be able to solve most of the Linux kernel problems presented in CTFs, and it will also be of great help in finding vulnerabilities in the real world.
Lastly, the most notable feature of this course is that the instructor provides practice example files for each lecture. Through these practice example files, students can follow the lectures and debug them themselves.
This lecture consists mostly of presentations using Keynote, as in the examples above.
Section 0. Lecture Prologue
Before we begin the lecture in earnest, this section provides a brief introduction to the instructor and explains the lecture plan.
Section 1. Linux Kernel Hacking Background
This section covers the basic background knowledge needed to hack the Linux kernel.
Section 2. Setting up the Linux Kernel Analysis Environment
This section shows you how to set up an environment for debugging the Linux kernel. When setting up an environment for the real world, you will build the Linux kernel and file system yourself, and when setting up an environment for CTF, you will learn about the preparation process for solving a problem.
Section 3. Linux Kernel Protection Techniques and Bypasses
This section covers the various protection techniques of the Linux kernel and practices techniques to bypass each of them. The protection techniques studied are those of Intel series architectures, and a total of 6 protection techniques will be studied. In addition, from this section onwards, practice example files are provided for each lecture.
Section 4. Practice with various kernel attack techniques
This section explores various techniques that can be used to escalate privileges when a Linux kernel vulnerability is exploited.
Section 5. Analysis of various Linux kernel vulnerabilities
This section covers the different types of vulnerabilities that can occur in the Linux kernel.
Section 6. Practice Contest Problems - Input Test Driver
This is a section where we solve Linux kernel problems that were actually presented in CTF. The problem to be solved is the Input Test Driver problem presented in the 2020 Defenit CTF, a competition run by the instructor's team.
Section 7. Lecture Epilogue
This section concludes the lecture by introducing references that will be helpful when studying the Linux kernel.
✏️ Background knowledge for attending lectures
Minimum background knowledge
1. C language
Recommended Background Knowledge
1. Knowledge related to system hacking (BOF, ROP, UAF, etc.)
2. Assembly language (x86_64)
🙋🏻♂️ Expected Questions Q&A
Q. I have never hacked a system before and I don't know assembly language. Can I still take the course?
A. When producing each lecture, we make it so that even those who are not experts in system hacking can listen to it, so whenever a new term appears, an explanation for it is included in the lecture.
However, since this is a summarized explanation, you should study it in parallel with searching Google when you encounter concepts you don't know, and keep in mind that if you take the course without any knowledge of system hacking, the learning period will be much longer.
Q. What version of Linux do you use?
A. In my case, I used Ubuntu 18.04 version. (https://releases.ubuntu.com/18.04/)
Q. The lectures are serialized, so when will the remaining lectures be uploaded?
A. All lectures have now been uploaded.
Recommended for these people
Who is this course right for?
For those who want to study Linux kernel hacking for the first time
If you have studied pwn2own and now want to get started with Linux kernel exploits
This was a very useful lecture for those who are new to Linux kernel hacking.
The core content was explained in an easy-to-understand manner, and the learning examples using QEMU made it even easier to understand.
https://defenit.kr/2019/12/03/Pwn/%E3%84%B4%20Research/linux-kenel-bpf/
I think it would be more effective to study in conjunction with the link above, which is Team Defenit's kernel LPE vulnerability analysis data.
I am learning a lot in many ways. Thank you.