A security engineer focusing on fuzzers, exploits, and mitigations for Linux and Android kernels.


    • 🔍 Looking for Remote Code Execution bugs in the Linux kernel

      How would an attacker remotely take over a personal Linux or Android device? Send a malicious link and get code execution through the browser? Or target a messenger or an email client? Well, how about sending a series of network packets and owning the kernel directly? 😋

      This article covers my experience with fuzzing the Linux kernel externally over the network. I’ll explain how I extended a kernel fuzzer called syzkaller for this purpose and show off the found bugs. The article also includes an introduction to syzkaller and its advanced feature — pseudo-syscalls.

      Sadly, to find that one bug to take over the Internet — I failed. But I did manage to find a one-shot RCE in a non-public kernel flavor.

    • 🐞 Sanitizing the Linux kernel

      A talk about Sanitizers — the go-to tools for detecting bugs in the Linux kernel. Focuses on the implementation of the Generic KASAN mode. Briefly covers other Sanitizers and suggests approaches to improving KASAN and KMSAN to make them find more bugs.

      LWN published a write-up of this talk.