sam4k

18 research items0 followers

Research Items

Linternals: Exploring The mm Subsystem via mmap [0x02]

In this part we'll use our case study to explore how the Linux kernel maps private anonymous memory.

Write-upPublished 25 April 20251 post View source →

Linternals: Exploring The mm Subsystem via mmap [0x01]

In this series we'll explore the Linux kernel's memory management subsystem, using a simple userspace program as our starting point.

Linux Internals

Write-upPublished 16 December 20241 post View source →

Linternals: The Slab Allocator

This time we're going to build on that and introduce another memory allocator found within the Linux kernel, the slab allocator, and it's various flavours. So buckle up as we dive into the exciting world of SLABs, SLUBs and SLOBs.

Linux Kernel Internals

Write-upPublished 9 November 20221 post View source →

Linternals: Introducing Memory Allocators & The Page Allocator

I know you've all been waiting for it, that's right, we're going to be taking a dive into another exciting aspect of Linux internals: memory allocators!

Linux Kernel Internals

Write-upPublished 10 June 20221 post View source →

Linternals: The Kernel Virtual Address Space

In this part of our journey into virtual memory in Linux, we cover the mystical kernel memory map and all it entails.

Linux Kernel Internals

Write-upPublished 10 May 20221 post View source →

Linternals: The User Virtual Address Space

We continue our journey to understand virtual memory in Linux, as we take a closer look at the user virtual address space.

Linux Internals

Write-upPublished 20 March 20221 post View source →

CVE-2022-0435: A Remote Stack Overflow in The Linux Kernel

Recently I discovered a vulnerability in the Linux kernel that's been lurking there since 4.8 (July 2016)! CVE-2022-0435 is a remotely and locally exploitable stack overflow in the TIPC networking module of the Linux kernel

Linux Kernel Zero-day

Write-upPublished 15 February 20221 post View source →

Linternals: Introducing Virtual Memory

Alright, let's get stuck into some Linternals! As the title suggests, this post will be exploring the ins and outs of virtual memory with regards to modern Linux systems.

Linux Internals

Write-upPublished 15 January 20221 post View source →

Setting Up A Virtualised (Linux) Empire on Apple Silicon

Follow me on my journey moving my virtualisation workflow as a Linux security researcher from Linux x86_64 to MacOS aarch64.

Linux macOS Debugging Virtualization / Hypervisors

Write-upPublished 8 January 20221 post View source →

Linternals: The (Modern) Boot Process [0x02]

Welcome to the second part of my totally-wasn't-meant-to-be-a-one-part Linux internals post on the modern boot process!

Linux Internals

Write-upPublished 10 October 20211 post View source →

Linternals: The (Modern) Boot Process [0x01]

What more appropriate way to kick off a series on Linux internals than figuring out how we actually get those internals running in the first place? This post is going to cover the process that takes us from pressing a power button, to a fully usable Linux operating system.

Linux Internals

Write-upPublished 26 September 20211 post View source →

Kernel Exploitation Techniques: Turning The (Page) Tables

This post explores attacking page tables as a Linux kernel exploitation technique for gaining powerful read/write primitives.

Linux Kernel Exploit Development Privilege Escalation

Write-upPublished 7 May 20251 post View source →

ZDI-24-821: A Remote UAF in The Kernel's net/tipc

In this post I discuss a vulnerability which allows a local, or remote attacker, to trigger a use-after-free in the TIPC networking stack on affected installations of the Linux kernel.

Linux Kernel Vulnerability Research Zero-day

Write-upPublished 3 July 20241 post View source →

Exploring Linux's New Random Kmalloc Caches

Let's explore the modern kernel heap exploitation meta and how the new RANDOM_KMALLOC_CACHES tries to address it.

Linux Kernel Mitigations Exploit Development

Write-upPublished 3 November 20231 post View source →

Analysing Linux Kernel Commits

Tag along as I talk about a half finished project, looking at analysing Linux kernel commits for interesting security fixes.

Linux Kernel Vulnerability Research

Write-upPublished 7 February 20231 post View source →

So You Wanna Pwn The Kernel?

My aim for this post is to provide some insights for getting into Linux kernel vulnerability research and exploit development.

Linux Kernel Vulnerability Research Exploit Development

Write-upPublished 1 September 20221 post View source →

Kernel Exploitation Techniques: modprobe_path

Let's kick things off with a modern day staple for local privilege escalation (LPE) in Linux Kernel Exploitation, modprobe_path.

Linux Kernel Privilege Escalation Exploit Development

Write-upPublished 4 July 20221 post View source →

Patching, Instrumenting & Debugging Linux Kernel Modules

An introductory look into patching, instrumenting and debugging Linux kernel modules.

Debugging Linux Kernel

Write-upPublished 15 April 20221 post View source →