KernJC:用于生成 Linux 内核漏洞的自动化易受攻击环境.pdf

编号:981799 PDF 30页 3.28MB 下载积分:VIP专享
下载报告请您先登录!

1、#BHAS BlackHatEventsKernJC:Automated Vulnerable KernJC:Automated Vulnerable Environment Generation for Linux Environment Generation for Linux Kernel VulnerabilitiesKernel VulnerabilitiesSpeakers:Bonan Ruan,Jiahao LiuContributors:Chuqi Zhang,Zhenkai Liang#BHAS BlackHatEventsBonan Ruan,Ph.D.Student,NU

2、S Ex-NSFOCUS Security Researcher GitHub:brant-ruan Homepage:profile.wohin.me E-mail:r-bonancomp.nus.edu.sgJiahao Liu,Ph.D.Student,NUS GitHub:ljiahao Homepage:ljiahao.github.io E-mail:jiahao99comp.nus.edu.sgChuqi Zhang,Ph.D.Student,NUS GitHub:Icegrave0391 Homepage:chuqiz.notion.site E-mail:chuqizcomp

3、.nus.edu.sgZhenkai Liang,Assoc Prof,NUS Homepage:comp.nus.edu.sg/liangzk E-mail:liangzkcomp.nus.edu.sgABOUT USnus-curiosity.github.io#BHAS BlackHatE KERNJC#BHAS BlackHatEventsENDLESS KERNEL VULNERABILITIES!Source:Google kernelCTF(https:/ BlackHatEventsIMPACT OF KERNEL VULNERABILITIESSource:Bonans bl

4、og post(https:/blog.wohin.me/posts/thoughts-on-vuln-research-2)#BHAS BlackHatEventsREPRODUCTION!SeverityAssessmentDetection&MitigationDefenseEvaluationApplicationScenariosWhat Do We Need forReproduction?VulnerableEnvironmentProof of Concept(PoC)BrainPatientLuck#BHAS BlackHatEventsDONT TAKE SUCCESSFU

5、L ENV FOR GRANTED!Hello,when building the test environment,I followed the steps above to compile the kernel.It kept getting stuck.During the test,I didnt find any NFQUEUE rule in the target.At the time,I selected many configs,and its possible that some configs were not included.First,check if its an

6、 issue with the compilation options.#BHAS BlackHatEventsEXAMPLE:CVE-2021-22555Description:A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered innet/netfilter/x_tables.c.This allows an attacker to gain privileges or cause a DoS(via heap memory corruption)through user name spac

友情提示

1、下载报告失败解决办法
2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
4、本站报告下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。

本文(KernJC:用于生成 Linux 内核漏洞的自动化易受攻击环境.pdf)为本站 (竿头日上) 主动上传,三个皮匠报告文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知三个皮匠报告文库(点击联系客服),我们立即给予删除!

温馨提示:如果因为网速或其他原因下载失败请重新下载,重复下载不扣分。
客服
商务合作
小程序
服务号
折叠