1. Linux Kernel Exploit Development by Vitaly NikolenkoCapacity: 15
This workshop will focus on exploiting a recent Linux kernel vulnerability on x86_64. We will provide a complete walkthrough starting from the vulnerability analysis and the initial crash to a full weaponised exploit. Though the workshop concentrates on a specific vulnerability, the goal is to demonstrate general exploitation concepts that can be applied to other classes of kernel memory corruption vulnerabilities.
During the workshop, attendees will obtain hands-on experience in kernel exploitation and develop several iterations of the exploit required to bypass common kernel exploitation mitigations such as SMEP/SMAP/KPTI.
This workshop is structured as several theory modules (providing required background material) followed by practical hands-on exercises. It is aimed at the intermediate level and is ideal for attendees already familiar with common user-space exploitation techniques.
The workshop is largely self-contained. It includes brief refreshers on x86_64 architecture and GDB.
Key learning objectives:
- Linux kernel debugging environment
- Privilege escalation on modern kernels
- Common exploitation primitives
- Current kernel exploitation mitigations and bypasses (SMEP/SMAP/KPTI)
- Familiarity with x86_64 architecture
- C and assembly knowledge
- Familiarity with GDB
- Fundamental knowledge of common user-space exploitation techniques (e.g., stack and heap overflows, integer type conversionvulnerabilities and overflows, etc.)
Hardware and software requirements:
- Base OS: Windows, OS X, Linux
- At least 20GB of free disk space
- At least 8GB of RAM
- VMWare Workstation (v9+) or Fusion (v5+) (trial version is sufficient)
|Vitaly is a security researcher with a solid academic background in programming languages, algorithms and cryptography. He is currently focused on OS security (kernel space exploitation techniques and countermeasures on POSIX systems) and software hypervisors.|
2. iOS Sandbox Escape Vulnerability and Exploitation by PanguCapacity: 15
In this workshop we will begin by introducing iOS architecture and its security mitigations. Followed by a talk about iOS runtime and show how to do reverse engineering. After that we will focus on Mach msg basics and how XPC works upon on it. This is done because most iOS daemons provide an XPC interface and if they don't handle the messages properly, security bugs may come up. The workshop will also cover some known bugs in the security history of iOS which enable you to execute code with a high privileged context. During the workshop students will also take an exercise in exploiting a particular bug to see how real exploit is developed.
- 1. macOS laptop with Xcode installed
- 2. IDA pro or Hopper
- 3. Testing iOS device (will be provided during the workshop)
Hao Xu is founder of Pangu Team which is famous for releasing several jailbreaks from iOS 7 - iOS 9. He has been involved in security research field for more than 10 years, and he has given talks on worldwide conferences like Blackhat, Syscan, POC, Zer0con, Xcon.