A security engineer focusing on fuzzers, exploits, and mitigations for Linux and Android kernels.


  • Exploiting the Linux Kernel [4 days]

    A 4-day Linux kernel exploitation frenzy!

    This training guides researchers through the field of Linux kernel exploitation. In a series of practical labs, the training explores the process of exploiting kernel bugs in a modern Linux distribution on the x86-64 architecture.

    The training starts with beginner topics and proceeds to advanced areas. The beginner chapters cover techniques for escalating privileges and bypassing the foundational mitigations in x86-64 kernels. The advanced chapters are dedicated to slab (heap) exploitation, including an in-depth analysis of the kernel allocators' internals.

  • πŸ” Looking for Remote Code Execution bugs in the Linux kernel

    How would an attacker remotely take over a personal Linux or Android device? Send a malicious link and get code execution through the browser? Or target a messenger or an email client? Well, how about sending a series of network packets and owning the kernel directly 😋

    This article covers my experience with fuzzing the Linux kernel externally over the network. I'll explain how I extended the syzkaller kernel fuzzer for this purpose and show the bugs it found. The article also includes an introduction to syzkaller and one of its advanced features: pseudo-syscalls.

    Sadly, I failed to find that one bug to take over the Internet. But I did manage to find a one-shot RCE in a non-public kernel flavor.