Originally considered to be the stuff of myth, remote kernel exploits allow attackers to bypass all operating system protection mechanisms and gain instant root access to remote systems. While reviewing prior work in remote kernel exploitation, this talk will go over some of the challenges and limitations associated with developing remote kernel exploits.
We will discuss in detail the development of an exploit for a remotely triggerable vulnerability in the Linux kernel's implementation of the ROSE amateur radio protocol. In doing so, a number of new kernel exploitation techniques will be demonstrated. In addition, this talk will present a working example of the installation of a remote kernel backdoor. We will conclude with a demonstration of this exploit against a live system and a discussion of future work in kernel exploitation and mitigation.
Dan is a security consultant and vulnerability researcher at Virtual Security Research, where he performs application and network penetration testing, conducts code reviews, and identifies vulnerabilities in third-party software. He has reported and corrected dozens of vulnerabilities in popular open source and commercial applications, including more than 50 vulnerabilities in the Linux kernel. He also contributes on the defensive side by submitting kernel patches that implement proactive security features. His current research interests include exploit development, kernel hardening, and mobile security.