When I first saw the release notes for the new Android Ice Cream Sandwich (ICS) platform, I was excited to see Google mention that "Android 4.0 now provides address space layout randomization".
For the uninitiated, ASLR randomizes where various areas of memory (e.g. stack, heap, libs, etc.) are ...
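A quick way to check which regions a platform's ASLR actually moves, as an added example that is not code from the original post: the program below records the address of a stack local, a small and a large malloc() chunk, the libc data object that stdout points at, and one of its own functions. Running the binary several times and diffing the output shows which of those regions get a different base on each run (a non-PIE executable, for instance, keeps its text at a fixed address whatever the kernel does for the stack and libraries). The region names, the flag values and the assumption that a 1 MiB malloc() is mmap()-backed (glibc's default threshold is 128 KiB) are this example's own.

```c
/* Added example, not from the original post: snapshot the base of several
 * memory regions so two runs of the binary can be compared to see which of
 * them ASLR actually relocates. Region names and flag bits are this example's
 * own choices; a Linux/glibc userland is assumed. */
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

enum {
    REGION_STACK = 1,
    REGION_HEAP  = 2,
    REGION_LIBC  = 4,
    REGION_TEXT  = 8,
    REGION_MMAP  = 16
};

struct region_addrs {
    uintptr_t stack; /* address of a local variable in get_region_addrs() */
    uintptr_t heap;  /* small malloc() chunk, served from the brk heap */
    uintptr_t libc;  /* libc's own FILE object that stdout points at (libc data) */
    uintptr_t text;  /* a function in this executable (its text segment) */
    uintptr_t mmap;  /* large malloc() chunk, mmap()-backed under glibc defaults */
};

/* Any function in this binary will do as a text-segment marker. */
static void marker_function(void) {}

/* Take one snapshot. Addresses only change across exec(), not within a process,
 * so the interesting comparison is between separate runs of the binary. */
struct region_addrs get_region_addrs(void)
{
    struct region_addrs r;
    volatile int local = 0;            /* volatile keeps it on the stack */
    void *small = malloc(64);          /* below glibc's mmap threshold (assumed 128 KiB) */
    void *large = malloc(1 << 20);     /* above it: its own anonymous mapping */

    r.stack = (uintptr_t)&local;
    r.heap  = (uintptr_t)small;
    r.libc  = (uintptr_t)stdout;       /* value, not &stdout: points into libc's data */
    r.text  = (uintptr_t)&marker_function;
    r.mmap  = (uintptr_t)large;

    free(small);
    free(large);
    return r;
}

/* Bit mask of the regions whose address differs between two snapshots. A region
 * that comes back with the same address run after run is not being randomized. */
unsigned aslr_diff_mask(const struct region_addrs *a, const struct region_addrs *b)
{
    unsigned m = 0;
    if (a->stack != b->stack) m |= REGION_STACK;
    if (a->heap  != b->heap)  m |= REGION_HEAP;
    if (a->libc  != b->libc)  m |= REGION_LIBC;
    if (a->text  != b->text)  m |= REGION_TEXT;
    if (a->mmap  != b->mmap)  m |= REGION_MMAP;
    return m;
}

int main(void)
{
    struct region_addrs r = get_region_addrs();
    /* One line per region so two runs can simply be diffed. */
    printf("stack %#lx\n", (unsigned long)r.stack);
    printf("heap  %#lx\n", (unsigned long)r.heap);
    printf("libc  %#lx\n", (unsigned long)r.libc);
    printf("text  %#lx\n", (unsigned long)r.text);
    printf("mmap  %#lx\n", (unsigned long)r.mmap);
    return 0;
}
```

Compile once with and once without -fPIE -pie and run each binary a few times: with the kernel's randomization enabled, stack, libc and mmap lines should change every run, while the text line only moves for the PIE build, and the heap line only moves when the kernel randomizes the brk base.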
My challenge for this year's NYU Poly CSAW CTF finals was a Linux kernel exploitation challenge disguised as a crypto challenge. The challenge and solution are described below.
Each team is given unprivileged remote shell access to a Linux VM. There is a custom kernel module, SqueamishOssifrage ...
Kernel symbols are definitely a useful resource when writing Linux kernel exploits. Whether you're looking ...
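As an added example, not the original post's code, here is a resolver for text in /proc/kallsyms or System.map format, the usual way an exploit obtains addresses such as commit_creds and prepare_kernel_cred: it parses "address type name [module]" lines, matches the symbol name exactly (so commit_cred does not match commit_creds), and distinguishes a missing symbol from the case where the kernel's kptr_restrict setting has zeroed every address for an unprivileged reader. The sample lines and their addresses are constructed for this example and are not from any real kernel.

```c
/* Added example, not from the original post: look up kernel symbol addresses
 * in text with the /proc/kallsyms or System.map layout
 *   <hex address> <type char> <name>[\t[module]]
 * The sample lines below are constructed; their addresses are not real. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <ctype.h>

/* Constructed sample of what a privileged reader sees. */
static const char sample_kallsyms[] =
    "ffffffff81000000 T _text\n"
    "ffffffff8105a3c0 T prepare_kernel_cred\n"
    "ffffffff8105a7e0 T commit_creds\n"
    "ffffffff81c2e6a0 D modprobe_path\n"
    "ffffffffa0012000 t example_ioctl\t[example_mod]\n";

/* Constructed sample of what an unprivileged reader sees when
 * /proc/sys/kernel/kptr_restrict hides addresses. */
static const char sample_restricted[] =
    "0000000000000000 T prepare_kernel_cred\n"
    "0000000000000000 T commit_creds\n";

/* Returns 1 and stores the address when `name` is found, 0 when it is absent,
 * and -1 when it is present but its address is zeroed (kptr_restrict). */
int kallsyms_lookup(const char *text, const char *name, uint64_t *addr)
{
    size_t namelen = strlen(name);
    const char *line = text;

    while (*line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char *end;
        uint64_t a = strtoull(line, &end, 16);

        /* Expect "<hex> <type> <name>": hex digits, space, one type char, space. */
        if (end > line && end[0] == ' ' && end[1] != '\0' && end[2] == ' ') {
            const char *sym = end + 3;
            const char *sym_end = sym;
            /* Symbol name ends at whitespace (a "\t[module]" suffix may follow). */
            while (sym_end < line + len && !isspace((unsigned char)*sym_end))
                sym_end++;
            if ((size_t)(sym_end - sym) == namelen && memcmp(sym, name, namelen) == 0) {
                if (a == 0)
                    return -1;
                *addr = a;
                return 1;
            }
        }
        if (!eol)
            break;
        line = eol + 1;
    }
    return 0;
}

/* Slurp a file into a NUL-terminated buffer (procfs files have no size, so
 * read until EOF). Caller frees. Returns NULL on failure. */
char *read_whole_file(const char *path)
{
    FILE *f = fopen(path, "r");
    if (!f)
        return NULL;
    size_t cap = 1 << 16, len = 0, n;
    char *buf = malloc(cap);
    while (buf && (n = fread(buf + len, 1, cap - len - 1, f)) > 0) {
        len += n;
        if (cap - len < 2) {
            char *nb = realloc(buf, cap * 2);
            if (!nb) { free(buf); buf = NULL; break; }
            buf = nb;
            cap *= 2;
        }
    }
    fclose(f);
    if (buf)
        buf[len] = '\0';
    return buf;
}

int main(void)
{
    const char *wanted[] = { "prepare_kernel_cred", "commit_creds", "modprobe_path" };
    uint64_t addr;
    size_t i;

    /* Prefer the live file; fall back to the constructed sample if unreadable. */
    char *live = read_whole_file("/proc/kallsyms");
    const char *text = live ? live : sample_kallsyms;
    printf("source: %s\n", live ? "/proc/kallsyms" : "constructed sample");

    for (i = 0; i < sizeof wanted / sizeof wanted[0]; i++) {
        int rc = kallsyms_lookup(text, wanted[i], &addr);
        if (rc == 1)
            printf("%-20s %#llx\n", wanted[i], (unsigned long long)addr);
        else if (rc == -1)
            printf("%-20s hidden (kptr_restrict); retry as root\n", wanted[i]);
        else
            printf("%-20s not found\n", wanted[i]);
    }
    free(live);
    return 0;
}
```

The -1 return is the caveat worth handling explicitly: on a kernel with kptr_restrict set, an unprivileged exploit reads the symbol names fine but every address as zero, and an exploit that blindly uses 0 as commit_creds will simply crash the box.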
Last month at SummerCon, Dan Rosenberg and I talked about our stackjacking technique for exploiting kernel vulnerabilities on grsecurity/PaX-hardened Linux kernels, in a presentation titled "Stackjacking and Other Kernel Nonsense."
While we covered a lot of material from our original stackjacking presentation, we also presented on a couple of new ...
Copyright © 2015 - Jon Oberheide <jon at oberheide dot org>.