Dissecting the Android Bouncer

At SummerCon this year, Charlie Miller and I gave a talk on Android's Bouncer. Our presentation materials are now publicly available.

The week before our presentation, we also posted a teaser ...

ASLR in Android Ice Cream Sandwich 4.0

When I first saw the release notes for the new Android Ice Cream Sandwich (ICS) platform, I was excited to see that Google mentioned that "Android 4.0 now provides address space layout randomization":

For the uninitiated, ASLR randomizes where various areas of memory (e.g. stack, heap, libs, etc.) are ...

CSAW CTF 2011 Kernel Exploitation Challenge

My challenge for this year's NYU Poly CSAW CTF finals was a Linux kernel exploitation challenge disguised as a crypto challenge. The challenge and solution are described below.

The Challenge

Each team is given unprivileged remote shell access to a Linux VM. There is a custom kernel module, SqueamishOssifrage ...

Tool releases: ksymhunter and kstructhunter

I'm releasing a couple of tools I use internally for Linux kernel exploit development: ksymhunter and kstructhunter. They're probably only useful for like ten people on the planet, but oh well, enjoy!

Kernel symbols are definitely a useful resource when writing Linux kernel exploits. Whether you're looking ...

Stackjackin' 2: Electric Boogaloo

Last month at SummerCon, Dan Rosenberg and I talked about our stackjacking technique for exploiting kernel vulnerabilities on grsecurity/PaX-hardened Linux kernels, in a presentation titled "Stackjacking and Other Kernel Nonsense."

While we covered a lot of material from our original stackjacking presentation, we also presented on a couple of new ...

Copyright © 2015 - Jon Oberheide <jon at oberheide dot org>.