YoVDO

Exploiting a Limited UAF on Ubuntu 22.04 to Achieve LPE

Offered By: Hack In The Box Security Conference via YouTube

Tags

Hack In The Box Security Conference Courses Exploit Development Courses Vulnerability Research Courses Use-After-Free Vulnerability Courses Linux Kernel Security Courses Return-oriented Programming Courses

Course Description

Overview

Explore the intricacies of exploiting a Linux kernel vulnerability in the netlink subsystem to achieve local privilege escalation on Ubuntu 22.04. Delve into the details of a limited use-after-free (UAF) bug that allows unprivileged users to escalate to root on systems permitting unprivileged namespace creation. Learn about the exploitation methods employed to develop a reliable privilege escalation exploit, including techniques to bypass KASLR and execute ROP gadgets in the kernel. Discover how multiple UAF triggers are leveraged to build powerful exploit primitives, from initial leak primitives to more advanced information leaks and function pointer manipulation. Gain insights from an industry veteran with over 20 years of experience in exploit development, covering various platforms including Xen, Windows kernel, Cisco devices, and Android.

Syllabus

#HITB2022SIN Exploiting A Limited UAF On Ubuntu 22.04 To Achieve LPE - Aaron Adams


Taught by

Hack In The Box Security Conference

Related Courses

Enter Sandbox
Black Hat via YouTube
Evaluation of the Executional Power in Windows Using Return Oriented Programming
IEEE via YouTube
Spectre Attacks Exploiting Speculative Execution
IEEE via YouTube
Return to the Zombie Gadgets - Undermining Destructive Code Reads via Code-Inference Attacks
IEEE via YouTube
ROP is Still Dangerous - Breaking Modern Defenses
USENIX via YouTube