A security engineer focusing on fuzzers, exploits, and mitigations for Linux and Android kernels.
🧱 SLUB Internals for Exploit Developers
A talk that covers the SLUB allocator internals and explains how common Slab shaping approaches work for exploiting Slab memory corruption bugs.
🔍 Looking for Remote Code Execution bugs in the Linux kernel
How would an attacker remotely take over a personal Linux or Android device? Send a malicious link and get code execution through the browser? Or target a messenger or an email client? Well, how about sending a series of network packets and owning the kernel directly 😋
This article covers my experience with fuzzing the Linux kernel externally over the network. I’ll explain how I extended a kernel fuzzer called syzkaller for this purpose and show off the found bugs. The article also includes an introduction to syzkaller and its advanced feature — pseudo-syscalls.
Sadly, to find that one bug to take over the Internet — I failed. But I did manage to find a one-shot RCE in a non-public kernel flavor.
🥥 Linux Kernel Security channel
A Telegram channel about Linux kernel security. Me and Alexander Popov regularly post links to materials about exploits, fuzzers, mitigations, and other security-related things there.