A security engineer focusing on fuzzers, exploits, and mitigations for Linux and Android kernels.


  • 🗡 Attacking the Linux kernel [Online]

    A two-day training that guides researchers through the field of Linux kernel security. In a series of exercise-driven labs, the training explores the process of finding, assessing, and exploiting kernel bugs in modern Linux distributions on the x86-64 architecture.

    Besides providing a foundation for writing Linux kernel exploits, the training covers the no less important areas of finding kernel bugs and evaluating their security impact. This includes chapters on using and extending dynamic bug-finding tools, writing custom fuzzers, and analyzing crashes.

    Targeted at beginners.

  • 🔍 Looking for Remote Code Execution bugs in the Linux kernel

    How would an attacker remotely take over a personal Linux or Android device? Send a malicious link and get code execution through the browser? Or target a messenger or an email client? Well, how about sending a series of network packets and owning the kernel directly 😋

    This article covers my experience with fuzzing the Linux kernel externally over the network. I’ll explain how I extended a kernel fuzzer called syzkaller for this purpose and show off the found bugs. The article also includes an introduction to syzkaller and its advanced feature — pseudo-syscalls.

    Sadly, to find that one bug to take over the Internet — I failed. But I did manage to find a one-shot RCE in a non-public kernel flavor.

  • 🐞 Sanitizing the Linux kernel

    A talk about Sanitizers — the go-to tools for detecting bugs in the Linux kernel. Focuses on the implementation of the Generic KASAN mode. Briefly covers other Sanitizers and suggests approaches to improving KASAN and KMSAN to make them find more bugs.

    [LWN published a write-up of this talk.]