Blog Entries - Technical

Dissecting the Android Bouncer

June 21st, 2012

At SummerCon this year, Charlie Miller and I gave a talk on Android’s Bouncer. Our presentation materials are now publicly available.

ASLR in Android Ice Cream Sandwich 4.0

February 27th, 2012

When I first saw the release notes for the new Android Ice Cream Sandwich (ICS) platform, I was excited to see that Google mentioned that “Android 4.0 now provides address space layout randomization”:

CSAW CTF 2011 Kernel Exploitation Challenge

November 27th, 2011

My challenge for this year’s NYU Poly CSAW CTF finals was a Linux kernel exploitation challenge disguised as a crypto challenge. The challenge and solution are described below.

Tool releases: ksymhunter and kstructhunter

September 8th, 2011

I’m releasing a couple tools I use internally for Linux kernel exploit development: ksymhunter and kstructhunter. They’re probably only useful for like ten people on the planet, but oh well, enjoy!

Stackjackin’ 2: Electric Boogaloo

July 6th, 2011

Last month at SummerCon, Dan Rosenberg and I talked about our stackjacking technique for exploiting kernel vulnerabilities on grsecurity/PaX-hardened Linux kernels, in a presentation titled “Stackjacking and Other Kernel Nonsense.”

When Angry Birds Attack: Android Edition

May 28th, 2011

It’s been about six months since I reported a vulnerability in the Android mobile platform that allowed the unprompted installation of arbitrary applications with arbitrary permissions on a victim’s device. While the vulnerability has long been fixed on Android handsets around the world, I’ve yet to write up any technical details about it, and it’s unlikely you’ve heard of it unless you were present at our ShmooCon presentation earlier this year. So without further ado, let’s dive into “When Angry Birds attack: Android edition.”

Stackjacking Your Way to grsec/PaX Bypass

April 20th, 2011

This April at Hackito Ergo Sum in Paris and Immunity’s Infiltrate in Miami, Dan Rosenberg and I presented on a technique to exploit grsecurity/PaX-hardened Linux kernels. Read on for a brief overview of our presentation and a link to the full slides and PoC code.

How I Almost Won Pwn2Own via XSS

March 7th, 2011

No, seriously.

Exploiting Stack Overflows in the Linux Kernel

November 29th, 2010

In this post, I’ll introduce an exploitation technique for kernel stack overflows in the Linux kernel. Keep in mind this does not refer to buffer overflows on the kernel stack (whose exploitability is well understood), but rather the improper expansion of the kernel stack causing it to overlap with critical structures which may be subsequently corrupted. This is a vulnerability class in the Linux kernel that I do not believe has been exploited publicly in the past, but it is relevant due to a recent vulnerability in the Econet packet family.

CSAW CTF 2010 Kernel Exploitation Challenge

November 2nd, 2010

The finals for NYU Poly’s CSAW CTF were this past weekend in New York City. I thought I would post the kernel exploitation challenge I developed for the final round. Feel free to try your hand at solving it!
