The book is organized into four parts. Part I introduces the kernel and sets out the theoretical basis on which to build the rest of the book. Part II focuses on different operating systems and describes exploits for them that target various bug classes. Part III on remote kernel exploitation analyzes the effects of the remote scenario and presents new techniques to target remote issues. It includes a step-by-step analysis of the development of a reliable, one-shot, remote exploit for a real vulnerabilitya bug affecting the SCTP subsystem found in the Linux kernel. Finally, Part IV wraps up the analysis on kernel exploitation and looks at what the future may hold.
- Covers a range of operating system families - UNIX derivatives, Mac OS X, Windows
- Details common scenarios such as generic memory corruption (stack overflow, heap overflow, etc.) issues, logical bugs and race conditions
- Delivers the reader from user-land exploitation to the world of kernel-land (OS) exploits/attacks, with a particular focus on the steps that lead to the creation of successful techniques, in order to give to the reader something more than just a set of tricks
Part I: A Journey to Kernel-Land Chapter 1: From User-Land to Kernel-Land Attacks Chapter 2: A Taxonomy of Kernel Vulnerabilities Chapter 3: Stairway to Successful Kernel Exploitation Part II: The UNIX Family, Mac OS X, and Windows Chapter 4: The UNIX Family Chapter 5: Mac OS X Chapter 6: Windows Part III: Remote Kernel Exploitation Chapter 7: Facing the Challenges of Remote Kernel Exploitation Chapter 8: Putting It All Together: A Linux Case Study Part IV: Final Words Chapter 9: Kernel Evolution: Future Forms of Attack and Defense
Enrico Perla currently works as a kernel programmer at Oracle. He received his B.Sc. in Computer Science from the University of Torino, and his M.Sc. in Computer Science from Trinity College Dublin. His interests range from low-level system programming to low-level system attacking, exploiting, and exploit countermeasures.
Massimiliano Oldani currently works as a Security Consultant at Emaze Networks. His main research topics include operating system security and kernel vulnerabilities.