
Guide to Kernel Exploitation: Attacking the Core [Paperback]

Enrico Perla (Kernel Programmer, Oracle), Massimiliano Oldani (Security Consultant, Emaze Networks)
  • Format: Paperback / softback, 464 pages, height x width: 235x191 mm, weight: 820 g, approx. 60 illustrations, contains 1 digital item (delivered electronically)
  • Publication date: 28-Oct-2010
  • Publisher: Syngress Media, U.S.
  • ISBN-10: 1597494860
  • ISBN-13: 9781597494861

The number of security countermeasures against user-land exploitation is on the rise. Because of this, kernel exploitation is becoming much more popular among exploit writers and attackers. Playing with the heart of the operating system can be a dangerous game: this book covers the theoretical techniques and approaches needed to develop reliable and effective kernel-level exploits and applies them to different operating systems (Linux, Solaris, Mac OS X, and Windows). Kernel exploits require both art and science to achieve. Every OS has its quirks, so every exploit must be molded to fully exploit its target. This book discusses the most popular OS families (UNIX derivatives, Mac OS X, and Windows) and how to gain complete control over them. Concepts and tactics are presented categorically, so that even when a specifically detailed exploit has been patched, the foundational information you have read will help you write a newer, better attack or a more concrete design and defensive structure.

  • Covers a range of operating system families: UNIX derivatives, Mac OS X, Windows
  • Details common scenarios such as generic memory corruption issues (stack overflow, heap overflow, etc.), logical bugs and race conditions
  • Takes the reader from user-land exploitation to the world of kernel-land (OS) exploits/attacks, with a particular focus on the steps that lead to the creation of successful techniques, in order to give the reader something more than just a set of tricks

Reviews

"A very interesting book that not only exposes readers to kernel exploitation techniques, but also deeply motivates the study of operating systems internals, moving such study far beyond simple curiosity." -- Golden G. Richard III, Ph.D., Professor of Computer Science, University of New Orleans and CTO, Digital Forensics Solutions, LLC

Other information

Learn how kernel exploits expose operating system vulnerabilities and give the attacker complete control!
Foreword xi
Preface xiii
Acknowledgments xvii
About the Authors xix
About the Technical Editor xxi
PART I A JOURNEY TO KERNEL LAND
Chapter 1 From User-Land to Kernel-Land Attacks 3(18)
  Introduction 3(1)
  Introducing the Kernel and the World of Kernel Exploitation 3(6)
    The Art of Exploitation 5(4)
  Why Doesn't My User-Land Exploit Work Anymore? 9(4)
    Kernel-Land Exploits versus User-Land Exploits 11(2)
  An Exploit Writer's View of the Kernel 13(5)
    User-Land Processes and the Scheduler 13(1)
    Virtual Memory 14(4)
  Open Source versus Closed Source Operating Systems 18(1)
  Summary 18(1)
  Related Reading 19(1)
  Endnote 19(2)
Chapter 2 A Taxonomy of Kernel Vulnerabilities 21(26)
  Introduction 21(1)
  Uninitialized/Nonvalidated/Corrupted Pointer Dereference 22(4)
  Memory Corruption Vulnerabilities 26(3)
    Kernel Stack Vulnerabilities 26(1)
    Kernel Heap Vulnerabilities 27(2)
  Integer Issues 29(4)
    (Arithmetic) Integer Overflows 29(2)
    Sign Conversion Issues 31(2)
  Race Conditions 33(6)
  Logic Bugs (a.k.a. the Bug Grab Bag) 39(5)
    Reference Counter Overflow 39(1)
    Physical Device Input Validation 40(1)
    Kernel-Generated User-Land Vulnerabilities 41(3)
  Summary 44(1)
  Endnotes 44(3)
Chapter 3 Stairway to Successful Kernel Exploitation 47(56)
  Introduction 47(1)
  A Look at the Architecture Level 48(10)
    Generic Concepts 48(7)
    x86 and x86-64 55(3)
  The Execution Step 58(13)
    Placing the Shellcode 59(7)
    Forging the Shellcode 66(5)
  The Triggering Step 71(19)
    Memory Corruption 71(15)
    Race Conditions 86(4)
  The Information-Gathering Step 90(8)
    What the Environment Tells Us 91(5)
    What the Environment Would Not Want to Tell Us: Infoleaks 96(2)
  Summary 98(1)
  Related Reading 99(4)
PART II THE UNIX FAMILY, MAC OS X, AND WINDOWS
Chapter 4 The UNIX Family 103(92)
  Introduction 103(1)
  The Members of the UNIX Family 104(22)
    Linux 104(10)
    Solaris/OpenSolaris 114(11)
    BSD Derivatives 125(1)
  The Execution Step 126(12)
    Abusing the Linux Privilege Model 126(12)
  Practical UNIX Exploitation 138(55)
    Kernel Heap Exploitation 138(1)
    Attacking the OpenSolaris Slab Allocator 139(21)
    Attacking the Linux 2.6 SLAB^H^HUB Allocator 160(17)
    Attacking (Linux) Kernel Stack Overflows 177(7)
    Revisiting CVE-2009-3234 184(9)
  Summary 193(1)
  Endnotes 194(1)
Chapter 5 Mac OS X 195(74)
  Introduction 195(1)
  An Overview of XNU 196(4)
    Mach 197(1)
    BSD 197(1)
    IOKit 197(1)
    System Call Tables 198(2)
  Kernel Debugging 200(8)
  Kernel Extensions (Kext) 208(19)
    IOKit 214(1)
    Kernel Extension Auditing 215(12)
  The Execution Step 227(1)
  Exploitation Notes 228(38)
    Arbitrary Memory Overwrite 229(10)
    Stack-Based Buffer Overflows 239(14)
    Memory Allocator Exploitation 253(13)
    Race Conditions 266(1)
    Snow Leopard Exploitation 266(1)
  Summary 266(1)
  Endnotes 267(2)
Chapter 6 Windows 269(74)
  Introduction 269(2)
  Windows Kernel Overview 271(14)
    Kernel Information Gathering 272(4)
    Introducing DVWD: Damn Vulnerable Windows Driver 276(2)
    Kernel Internals Walkthrough 278(4)
    Kernel Debugging 282(3)
  The Execution Step 285(23)
    Windows Authorization Model 286(9)
    Building the Shellcode 295(13)
  Practical Windows Exploitation 308(31)
    Arbitrary Memory Overwrite 308(11)
    Stack Buffer Overflow 319(20)
  Summary 339(1)
  Endnotes 340(3)
PART III REMOTE KERNEL EXPLOITATION
Chapter 7 Facing the Challenges of Remote Kernel Exploitation 343(42)
  Introduction 343(1)
  Attacking Remote Vulnerabilities 344(4)
    Lack of Exposed Information 344(3)
    Lack of Control over the Remote Target 347(1)
  Executing the First Instruction 348(14)
    Direct Execution Flow Redirection 349(11)
    Arbitrary Write of Kernel Memory 360(2)
  Remote Payloads 362(21)
    Payload Migration 364(19)
  Summary 383(1)
  Endnote 384(1)
Chapter 8 Putting it All Together: A Linux Case Study 385(34)
  Introduction 385(1)
  SCTP FWD Chunk Heap Memory Corruption 386(7)
    A Brief Overview of SCTP 386(3)
    The Vulnerable Path 389(4)
  Remote Exploitation: An Overall Analysis 393(1)
  Getting the Arbitrary Memory Overwrite Primitive 394(9)
    Remotely Adjusting the Heap Layout 395(2)
    Building SCTP Messages: From Relative to Absolute Memory Overwrite 397(6)
  Installing the Shellcode 403(7)
    Directly Jumping from Interrupt Context to User Mode 403(7)
  Executing the Shellcode 410(4)
    Checking the Current Process and Emulating the gettimeofday() Function 411(1)
    Executing the Connect-Back 412(1)
    Recovering the Vsyscall 413(1)
  Summary 414(1)
  Related Reading 415(1)
  Endnote 415(4)
PART IV FINAL WORDS
Chapter 9 Kernel Evolution: Future Forms of Attack and Defense 419(18)
  Introduction 419(1)
  Kernel Attacks 420(5)
    Confidentiality 420(2)
    Integrity 422(3)
    Availability 425(1)
  Kernel Defense 425(7)
    Kernel Threat Analysis and Modeling 425(2)
    Kernel Defense Mechanisms 427(1)
    Kernel Assurance 428(4)
  Beyond Kernel Bugs: Virtualization 432(2)
    Hypervisor Security 432(1)
    Guest Kernel Security 433(1)
  Summary 434(3)
Index 437
Enrico Perla currently works as a kernel programmer at Oracle. He received his B.Sc. in Computer Science from the University of Torino, and his M.Sc. in Computer Science from Trinity College Dublin. His interests range from low-level system programming to low-level system attacking, exploiting, and exploit countermeasures.

Massimiliano Oldani currently works as a Security Consultant at Emaze Networks. His main research topics include operating system security and kernel vulnerabilities.