Talks

  • On passwords

    A talk about the dangers of password reuse that I gave to high-school tech students.

  • Fuzzing the Linux kernel

    [There is an English-dubbed recording of this talk as well.]

A talk about using fuzzing for finding vulnerabilities in the Linux kernel. I briefly cover ready-to-use fuzzers (such as Trinity and syzkaller) but mainly focus on the underlying parts: writing fuzzing harnesses, generating inputs, and collecting coverage.

    This is an extended version of the talk I gave as a part of the Linux Foundation Mentorship Series.

  • Fuzzing the Linux Kernel

A talk about using fuzzing for finding vulnerabilities in the Linux kernel. I briefly cover ready-to-use fuzzers (such as Trinity and syzkaller) but mainly focus on the underlying parts: writing fuzzing harnesses, generating inputs, and collecting coverage.

  • Memory Tagging for the Kernel: Tag-Based KASAN

    Memory Tagging Extension (MTE) is an ARM v8.5 extension that enables hardware-assisted validation of the correctness of memory accesses. MTE is a new feature that is not yet available in any released CPUs. In the future, MTE will hopefully be used as a kernel memory corruption mitigation.

    While the new CPUs are being developed, I implemented an MTE-like software-only memory bug detector for the Linux kernel — Software Tag-Based KASAN. Instead of relying on hardware, the detector uses compiler instrumentation to perform tag validity checks.

    In this talk, I briefly describe how MTE works and focus on the newly implemented KASAN mode.

  • Introduction to USB hacking

    A 5-hour talk about the USB bus and a showreel of tools that can be used to attack USB.

    Materials for the talk and slides from its previous iterations are on my GitHub.

  • Introduction to PCIe and DMA attacks

    A talk about the PCIe bus and a showreel of tools that can be used to perform DMA attacks.

    Materials for the talk are on my GitHub.

  • Coverage-Guided USB Fuzzing with Syzkaller

    A talk about creating a syzkaller extension for finding Linux kernel vulnerabilities that can be exploited externally by a malicious USB device. I show how I used the USB Gadget subsystem for emulating USB devices and extended KCOV to collect coverage from USB packet parsing paths.

  • Syzkaller: coverage-guided fuzzer for the Linux kernel

    An overview talk about syzkaller — a state-of-the-art kernel fuzzer.

  • How to find zero-days in the Linux kernel

A lightning talk where I describe a high-level approach to finding zero-day bugs in the Linux kernel with syzkaller — a state-of-the-art kernel fuzzer.

  • KernelThreadSanitizer (KTSAN) — a data race detector for the Linux kernel

    A talk about a prototype of KTSAN — a dynamic data-race detector for the Linux kernel.

  • KernelAddressSanitizer (KASAN) — a fast memory error detector for the Linux kernel

    The first public talk about KASAN — a dynamic bug detector for the Linux kernel. KASAN finds out-of-bounds, use-after-free, and other kinds of harmful memory accesses. Nowadays, KASAN is the go-to tool for detecting memory bugs in testing and fuzzing.

• Automatic detection of race conditions in the Linux OS kernel

A talk about a prototype of KTSAN — a race condition detector for the Linux kernel.

  • AddressSanitizer for Linux Kernel

    A talk about an early prototype of KASAN — a dynamic memory corruption detector for the Linux kernel.