
E-book, English, 464 pages

Perla B. Sc. / Perla / Oldani A Guide to Kernel Exploitation

Attacking the Core
1st edition, 2010
ISBN: 978-1-59749-487-8
Publisher: Elsevier Science & Techn.
Format: EPUB
Copy protection: 6 - ePub Watermark




A Guide to Kernel Exploitation: Attacking the Core discusses the theoretical techniques and approaches needed to develop reliable and effective kernel-level exploits, and applies them to different operating systems, namely, UNIX derivatives, Mac OS X, and Windows. Concepts and tactics are presented categorically so that even when a specifically detailed vulnerability has been patched, the foundational information provided will help hackers in writing a newer, better attack; or help pen testers, auditors, and the like develop a more concrete design and defensive structure.

The book is organized into four parts. Part I introduces the kernel and sets out the theoretical basis on which to build the rest of the book. Part II focuses on different operating systems and describes exploits for them that target various bug classes. Part III on remote kernel exploitation analyzes the effects of the remote scenario and presents new techniques to target remote issues. It includes a step-by-step analysis of the development of a reliable, one-shot, remote exploit for a real vulnerability: a bug affecting the SCTP subsystem found in the Linux kernel. Finally, Part IV wraps up the analysis on kernel exploitation and looks at what the future may hold.

- Covers a range of operating system families: UNIX derivatives, Mac OS X, Windows
- Details common scenarios such as generic memory corruption (stack overflow, heap overflow, etc.) issues, logical bugs and race conditions
- Delivers the reader from user-land exploitation to the world of kernel-land (OS) exploits/attacks, with a particular focus on the steps that lead to the creation of successful techniques, in order to give the reader something more than just a set of tricks

Enrico Perla currently works as a kernel programmer at Oracle. He received his B.Sc. in Computer Science from the University of Torino, and his M.Sc. in Computer Science from Trinity College Dublin. His interests range from low-level system programming to low-level system attacking, exploiting, and exploit countermeasures.

Further Information & Material


1 Front Cover
2 A Guide to Kernel Exploitation
3 Copyright
4 Table of Contents
5 Foreword
6 Preface
6.1 Book Overview
6.2 How This Book Is Organized
6.3 Conclusion
7 Acknowledgments
8 About the Authors
9 About the Technical Editor
10 Part I. Journey to Kernel Land
10.1 Chapter 1. From User-Land to Kernel-Land Attacks
10.1.1 Introduction
10.1.2 Introducing the Kernel and the World of Kernel Exploitation
10.1.3 Why Doesn’t My User-Land Exploit Work Anymore?
10.1.4 An Exploit Writer’s View of the Kernel
10.1.5 Open Source versus Closed Source Operating Systems
10.1.6 Summary
10.1.7 Related Reading
10.1.8 Endnote
10.2 Chapter 2. A Taxonomy of Kernel Vulnerabilities
10.2.1 Introduction
10.2.2 Uninitialized/Nonvalidated/Corrupted Pointer Dereference
10.2.3 Memory Corruption Vulnerabilities
10.2.4 Integer Issues
10.2.5 Race Conditions
10.2.6 Logic Bugs (a.k.a. the Bug Grab Bag)
10.2.7 Summary
10.2.8 Endnotes
10.3 Chapter 3. Stairway to Successful Kernel Exploitation
10.3.1 Introduction
10.3.2 A Look at the Architecture Level
10.3.3 The Execution Step
10.3.4 The Triggering Step
10.3.5 The Information-Gathering Step
10.3.6 Summary
10.3.7 Related Reading
11 Part II. The UNIX Family, Mac OS X, and Windows
11.1 Chapter 4. The UNIX Family
11.1.1 Introduction
11.1.2 The Members of the UNIX Family
11.1.3 The Execution Step
11.1.4 Practical UNIX Exploitation
11.1.5 Summary
11.1.6 Endnotes
11.2 Chapter 5. Mac OS X
11.2.1 Introduction
11.2.2 An Overview of XNU
11.2.3 Kernel Debugging
11.2.4 Kernel Extensions (Kext)
11.2.5 The Execution Step
11.2.6 Exploitation Notes
11.2.7 Summary
11.2.8 Endnotes
11.3 Chapter 6. Windows
11.3.1 Introduction
11.3.2 Windows Kernel Overview
11.3.3 The Execution Step
11.3.4 Practical Windows Exploitation
11.3.5 Summary
11.3.6 Endnotes
12 Part III. Remote Kernel Exploitation
12.1 Chapter 7. Facing the Challenges of Remote Kernel Exploitation
12.1.1 Introduction
12.1.2 Attacking Remote Vulnerabilities
12.1.3 Executing the First Instruction
12.1.4 Remote Payloads
12.1.5 Summary
12.1.6 Endnote
12.2 Chapter 8. Putting It All Together: A Linux Case Study
12.2.1 Introduction
12.2.2 SCTP FWD Chunk Heap Memory Corruption
12.2.3 Remote Exploitation: An Overall Analysis
12.2.4 Getting the Arbitrary Memory Overwrite Primitive
12.2.5 Installing the Shellcode
12.2.6 Executing the Shellcode
12.2.7 Summary
12.2.8 Related Reading
12.2.9 Endnote
13 Part IV. Final Words
13.1 Chapter 9. Kernel Evolution: Future Forms of Attack and Defense
13.1.1 Introduction
13.1.2 Kernel Attacks
13.1.3 Kernel Defense
13.1.4 Beyond Kernel Bugs: Virtualization
13.1.5 Summary
14 Index


