HITB-Invoice-Logo

thank you for joining us!

E’rybody Gettin’ TIPC: Demystifying Remote Linux Kernel Exploitation

Date

August 25, 2022

Time

11:30

Track

Main Track

2022 has been one hell of a year for Linux exploitation, with several high profile vulnerabilities including DirtyPipe (CVE-2022-0847), Pwnkit (CVE-2021-4034) and many other equally cool but unbranded bugs (like CVE-2022-27666). Having worked on these exploits and more, from trivial to complex, I can tell you they all had one thing in common: all involved local vulnerabilities.

Follow me on a journey as I discovered a remote stack overflow in a kernel network module (CVE-2022-0435), while enumerating it for primitives to help exploit another bug entirely.

So if you’re interested in a hollistic view of the exploit development process, the nitty gritty of low level kernel exploitation or just fancy witnessing my slow descent into madness as I become a walking, talking TIPC manual then this may just be the talk for you.

Speakers

Vulnerability Researcher

Immunity Inc

An enthusiastic security researcher and engineer, I’ve spent my time developing a deep technical understanding in offensive security and OS internals. Currently working as a vulnerability researcher, focusing on Linux kernel exploitation.

Other Talks in This Track

LOCATION

Main Track

DATE

August 25

TIME

09:00

LOCATION

Main Track

DATE

August 25

TIME

15:00

LOCATION

Main Track

DATE

August 25

TIME

16:30