Exploiting Kernel Races through Taming Thread Interleaving

Video link: https://www.youtube.com/watch?v=rJbIhEosKdQ



Duration: 38:49


Yoochan Lee | Master Student, Seoul National University
Byoungyoung Lee | Professor, Seoul National University
Changwoo Min | Professor, Virginia Tech
Date: Thursday, August 6 | 1:30pm-2:10pm
Format: 40-Minute Briefings
Track: Exploit Development

A kernel race condition vulnerability is difficult to exploit because thread interleaving is non-deterministic and cannot be directly controlled. Conventional exploitation techniques against kernel races therefore resort to brute forcing, i.e., triggering the race repeatedly in the hope that the threads' execution orders happen to interleave as required. However, we observed that many kernel races cannot be exploited through brute forcing, including three recent Linux kernel race vulnerabilities, because the chance of winning the race is virtually zero.

This presentation introduces a new kernel race condition exploitation technique. The key idea is to tame the thread execution order based on a clear understanding of the kernel's thread interleaving mechanism. With this technique, we demonstrate how three Linux kernel races can be successfully exploited within 10-100 seconds, none of which could be exploited within 24 hours of simple brute forcing.

Black Hat - USA - 2020 Hacking conference






