2021-01-22

[public] 85.9K views, 5.50K likes, 34.0 dislikes audio only

LiveOverflow

Last video we looked at a kernel exploit against SerenityOS Kernel. This video we dig deep into the sources to find out why the vulnerability exists. After that we even attempt to find our own exploit.

Part 1 - The Kernel Exploit: /youtube/video/qUh507Na9nk

00:00 - Intro

00:27 - Part 1 - Linux vs. Serenity

01:17 - Finding ptrace() in Linux

01:31 - Finding ptrace() in Serenity

02:12 - Comparing Linux and Serenity ptrace() Code

04:07 - Architecture Specific Code in Linux

04:45 - Continue Comparing Linux vs. Serenity ptrace() Code

05:08 - Conclusion of Part 1

05:57 - Part 2 - hxp wisdom2 Exploit Analysis

06:44 - Reading ptrace() again

07:26 - Reading execve() code

08:46 - The Critical execve() code

09:30 - Do You Notice The Vulnerability?

10:17 - Race Condition Exploit Strategy

11:48 - Part 3 - Doing Own Research

13:15 - Doing an Experiment

15:44 - Kernel Changes for Experiment

16:00 - Failed Experiment

16:26 - Asking Andreas Kling About Scheduler Code

17:45 - Conclusion - Read More Code

18:38 - Outro

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/

→ Instagram: https://instagram.com/LiveOverflow/

→ Website: https://liveoverflow.com/

→ Subreddit: https://www.reddit.com/r/LiveOverflow/

→ Facebook: https://www.facebook.com/LiveOverflow/