At SummerCon this year, Charlie Miller and I gave a talk on Android's Bouncer. Our presentation materials are now publicly available.

The week before our presentation, we also posted a teaser ...

When I first saw the release notes for the new Android Ice Cream Sandwich (ICS) platform, I was excited to see that Google mentioned that "Android 4.0 now provides address space layout randomization":

For the uninitiated, ASLR randomizes where various areas of memory (eg. stack, heap, libs, etc) are ...

My challenge for this year's NYU Poly CSAW CTF finals was a Linux kernel exploitation challenge disguised as a crypto challenge. The challenge and solution are described below.

The Challenge

Each team is given unprivileged remote shell access to a Linux VM. There is a custom kernel module, SqueamishOssifrage ...

I'm releasing a couple tools I use internally for Linux kernel exploit development: ksymhunter and kstructhunter. They're probably only useful for like ten people on the planet, but oh well, enjoy!

ksymhunter

Kernel symbols are definitely a useful resource when writing Linux kernel exploits. Whether you're looking ...

Last month at SummerCon, Dan Rosenberg and I talked about our stackjacking technique for exploiting kernel vulnerabilities on grsecurity/PaX-hardened Linux kernels, in a presentation titled "Stackjacking and Other Kernel Nonsense."

While we covered a lot of material from our original stackjacking presentation, we also presented on a couple new ...