SlideShare a Scribd company logo
A Bug Hunter’s Perspective on
Linux Drivers
A walk through the land of I/O Control
Jeremy Brown, 2015
Agenda
I. Introduction
II. Device Drivers
I. I/O Control
II. Talking to a driver
III. Bug Hunting
I. Discovery & Debugging
II. Tooling
IV. Conclusion
#whoami
• Jeremy Brown
– Independent researcher / consultant
– Formerly of Microsoft
• Windows/Phone/Xbox Security
• Malware Protection Center
– Also, Tenable
• Nessus
• RE patches
What I won’t teach you
• Comprehensive driver fundamentals
– You need lots of time and a few different books
• How to become a driver security expert
– Only a few of them around– djrbliss, spender,
j00ru, etc
• Probably how to earn a living from these bugs
– It’s OK to do research you enjoy, not just for $$$
What I hope to teach you
• What you “need to know” to get started
– Determining attack surface
– Finding and reviewing IOCTL handlers
– Some primitive fuzzing techniques
• Knowledge applicable to *nix device drivers
– Some of which translates to other OSes
• Take you from knowing nothing to something
Agenda
I. Introduction
II. Device Drivers
I. I/O Control
II. Talking to a driver
III. Bug Hunting
I. Discovery & Debugging
IV. Conclusion
Device drivers
• Plug-in for the OS
– Code that simply talks to a device
• Commonly physical or virtual devices
– Lives in kernel or user space
– Natively or through abstraction layers
• eg. wrappers or libraries
Frameworks
• Traditional Drivers
– Live in kernel space, eg. HID.ko
– Cons are kernel panics, debugging & overhead
• Userspace Drivers
– Live in user space, eg. native frameworks like UIO
– Interesting con – it can’t register interrupt handler
• Must either poll or use some other driver (kernel)
– Pro is that network libraries are mature
Reference: http://www.enea.com/Documents/Resources/Whitepapers/Enea-User-Space-Drivers-in-Linux_Whitepaper_2013.pdf
Where are these drivers?
• lsmod shows you which ones are loaded
– Parses /proc/modules
Linux Kernel Attack Surface
Credit: Jon Oberheide, SOURCE Boston 2010, “Linux Kernel Exploitation”
Reference: https://jon.oberheide.org/files/source10-linuxkernel-jonoberheide.pdf
I/O Control
• Common way to operate a device other than
simply read/write
– “We need a way to format floppies and war dial!”
• Implemented by a special type of system call
– Most *nix use ioctl()
– On Windows it’s DeviceIoControl()
I/O Control
• What do kernel devs say about I/O Control?
– “The ioctl() system call has long been out of
favor among the kernel developers, who see it
as a completely uncontrolled entry point
into the kernel[…]”
Reference: http://lwn.net/Articles/119652/
I/O Control
• Continued
– “Given the vast number of applications which
expect ioctl() to be present, however, it will
not go away anytime soon”
Image: http://www.dailygalaxy.com/.a/6a00d8341bf7f753ef0133ec9e7169970b-pi
A worthy target
• Drivers provide kernel entry points
– Find bugs in drivers, execute codes in kernel mode
• Various Impacts
– Privilege escalation
– Info Leaks
– Sandbox escapes
Previous Work
Reference: http://search.debian.org/cgi-bin/omega?DB=en&P=ioctl
Previous Work
Reference: https://www.exploit-db.com/search/?action=search&description=linux&text=ioctl
Android Privilege Escalation
• Recent blog detailing CVE-2014-4323
Reference: http://bits-please.blogspot.com/2015/08/android-linux-kernel-privilege_26.html
Android Privilege Escalation
• Vulnerabilities in the Samsung S4
• memcpy() doesn’t check user/kernel access!
Reference: http://blog.quarkslab.com/kernel-vulnerabilities-in-the-samsung-s4.html
Time to Learn
Device types
• Char
– Character Device
– Think of it as a “stream of bytes”
– Mapped to file system nodes, eg. /dev/XXXXX
• Char device vs regular file
– Sequential and arbitrary access, respectively
Corbet, Jonathan, and Alessandro Rubini. Linux Device Drivers. 3rd ed. : O'Reilly, 2005. Print.
Device types
• Block
– Usually hosts a filesystem
– Also accessible by filesystem nodes
• But through a different interface than char devices
Corbet, Jonathan, and Alessandro Rubini. Linux Device Drivers. 3rd ed. : O'Reilly, 2005. Print.
Device types
• Network
– Device that exchanges data with hosts
– Eg. Loopback, eth0
– No traditional read/write
• Special packet transmission functions are called
Corbet, Jonathan, and Alessandro Rubini. Linux Device Drivers. 3rd ed. : O'Reilly, 2005. Print.
Talking to a driver
Example driver.c
Reference: http://www.opensourceforu.com/2011/08/io-control-in-linux/
Example driver.c
Reference: http://www.opensourceforu.com/2011/08/io-control-in-linux/
copy_to_user()
• Does some overflow checks and then calls
– _copy_to_user()
• access_ok ensures userspace pointer is valid
Reference: http://lxr.free-electrons.com/source/arch/x86/lib/usercopy_32.c#L657
copy_from_user()
• Calls _copy_from_user()
• Same idea, but checks what the user specified
for from instead of to
• Also VERIFY_READ instead of VERIFY_WRITE
Example client.c
Reference: http://www.opensourceforu.com/2011/08/io-control-in-linux/
Example client.c
Reference: http://www.opensourceforu.com/2011/08/io-control-in-linux/
ioctl()
• 1st arg
– an opened file descriptor for the device
• 2nd arg
– control code, specific to each operation
• 3rd arg (optional)
– Buffer to send or receive data
IOCTL Macros
• IO
– No data transfer
• IOR
– Read by kernel, write to user
• IOW
– Read from user, write by kernel
• IORW
– Bi-directional data transfer
IOCTL Macros
• Four bitfields
– Type (magic number)
– Number
– Direction
– Size
I/O Control
Reference: https://www.kernel.org/doc/Documentation/ioctl/ioctl-number.txt
Agenda
I. Introduction
II. Device Drivers
I. I/O Control
II. Talking to a driver
III. Bug Hunting
I. Discovery & Debugging
II. Tooling
IV. Conclusion
Determining Access
• /dev/random is open to everyone
• ppp though, not so much
Capabilities
• Intended to split root into different privileges
– No more all-or-nothing
• ~40 different caps can be applied to binaries
– Eg. Want to sniff packets with Wireshark?
• setcap CAP_NET_RAW+ep /usr/bin/dumpcap
Finding IOCTLs
• VirtualBox’s SUPDrvIOC.h
Finding the IOCTL Handler
• VirtualBox’s SUPDrv-linux.c
ioctl() vs unlocked_ioctl()
• unlocked_ioctl() was added to kernel 2.6.11
– IOCTLs no longer use the old BKL (Big Kernel Lock)
– One less parameter (inode)
– Not important for bug hunting, but now you know
References: http://lwn.net/Articles/119652/
http://www.makelinux.net/ldd3/chp-6-sect-1
compat_ioctl()
• Handles 32-bit processes calling ioctl() on 64-
bit platforms
• Added in same kernel as unlocked_ioctl()
Identify buffer types
• VirtualBox’s SUPDrv-linux.c
Identify buffer types
• Vbox’s SUPDrvIOC.h
Kernel Debugging
• Host
– Mac OS X (Yosemite)
– VMware Fusion
• Guest
– Ubuntu 14.04 (x86)
More details: http://jidanhunter.blogspot.com/2015/01/linux-kernel-debugging-with-vmware-and.html
Kernel Debugging
• Configure the host
– Copy the ISO, create a new VM, install guest OS
– Edit the VMX config
• (right-click and show package contents on Mac)
– Add this line to the end of the file
– Boot up guest VM
More details: http://jidanhunter.blogspot.com/2015/01/linux-kernel-debugging-with-vmware-and.html
Kernel Debugging
• Configure the guest
More details: http://jidanhunter.blogspot.com/2015/01/linux-kernel-debugging-with-vmware-and.html
Kernel Debugging
• Configure the guest
– Copy the debug kernel to the host
• /usr/lib/debug/boot/vmlinux-<kernel version>-generic
More details: http://jidanhunter.blogspot.com/2015/01/linux-kernel-debugging-with-vmware-and.html
Kernel Debugging
• GDB
More details: http://jidanhunter.blogspot.com/2015/01/linux-kernel-debugging-with-vmware-and.html
Kernel Debugging
• GDB
More details: http://jidanhunter.blogspot.com/2015/01/linux-kernel-debugging-with-vmware-and.html
Kernel Debugging
More details: http://jidanhunter.blogspot.com/2015/01/linux-kernel-debugging-with-vmware-and.html
Kernel Debugging
• Intentionally trigger a kernel panic
– echo c > /proc/sysrq-trigger
Image: http://kernelpanicoggcast.net/images/KernelPanic.png
Tooling
Tooling
• Experimental *nix tooling
– Runs on Linux, but easily ported to other unix
• Highlights
– Static code-based discovery and import of IOCTLs
– SQLite database support
– Generational fuzzing
– Auto-generates PoCs
Tooling
Tooling
Tooling
• Will make it available after the talk
– Ping me if you’d like it sooner
Agenda
I. Introduction
II. Device drivers
I. I/O Control
II. Talking to a driver
III. Bug Hunting
I. Discovery & Debugging
II. Tooling
IV. Conclusion
Conclusion
• Drivers are a growing area for vuln research
– Kernel code is becoming a more attractive target
– Impact grows larger per app dependencies
• Fundamentals and tooling can help
• There’s going to be bugs here for a long time
– Think “forgotten syscalls”
Future Work
• Targeting abstraction layers
– Eg. LibUSB
• Binary Analysis
– IDA scripts that find & document IOCTL calls
• Other platforms
– Diversity of bugs can vary based on how the
kernel works
Thank you!
Questions?

More Related Content

What's hot

Owning windows 8 with human interface devices
Owning windows 8 with human interface devicesOwning windows 8 with human interface devices
Owning windows 8 with human interface devices
Nikhil Mittal
 
More fun using Kautilya
More fun using KautilyaMore fun using Kautilya
More fun using Kautilya
Nikhil Mittal
 
Level Up! - Practical Windows Privilege Escalation
Level Up! - Practical Windows Privilege EscalationLevel Up! - Practical Windows Privilege Escalation
Level Up! - Practical Windows Privilege Escalation
jakx_
 
BSides Hannover 2015 - Shell on Wheels
BSides Hannover 2015 - Shell on WheelsBSides Hannover 2015 - Shell on Wheels
BSides Hannover 2015 - Shell on Wheels
infodox
 
Yocto project and open embedded training
Yocto project and open embedded trainingYocto project and open embedded training
Yocto project and open embedded training
H Ming
 
Exploiting Directory Permissions on macOS
Exploiting Directory Permissions on macOSExploiting Directory Permissions on macOS
Exploiting Directory Permissions on macOS
Csaba Fitzl
 
Windows privilege escalation by Dhruv Shah
Windows privilege escalation by Dhruv ShahWindows privilege escalation by Dhruv Shah
Windows privilege escalation by Dhruv Shah
OWASP Delhi
 
Steelcon 2014 - Process Injection with Python
Steelcon 2014 - Process Injection with PythonSteelcon 2014 - Process Injection with Python
Steelcon 2014 - Process Injection with Python
infodox
 
When is something overflowing
When is something overflowingWhen is something overflowing
When is something overflowing
Peter Hlavaty
 
Lares from LOW to PWNED
Lares from LOW to PWNEDLares from LOW to PWNED
Lares from LOW to PWNED
Chris Gates
 
Power on, Powershell
Power on, PowershellPower on, Powershell
Power on, Powershell
Roo7break
 
Ultimate pen test compromising a highly secure environment (nikhil)
Ultimate pen test   compromising a highly secure environment (nikhil)Ultimate pen test   compromising a highly secure environment (nikhil)
Ultimate pen test compromising a highly secure environment (nikhil)
ClubHack
 
Getting root with benign app store apps vsecurityfest
Getting root with benign app store apps vsecurityfestGetting root with benign app store apps vsecurityfest
Getting root with benign app store apps vsecurityfest
Csaba Fitzl
 
Esage on non-existent 0-days, stable binary exploits and user interaction
Esage   on non-existent 0-days, stable binary exploits and user interactionEsage   on non-existent 0-days, stable binary exploits and user interaction
Esage on non-existent 0-days, stable binary exploits and user interaction
DefconRussia
 
Build your own embedded linux distributions by yocto project
Build your own embedded linux distributions by yocto projectBuild your own embedded linux distributions by yocto project
Build your own embedded linux distributions by yocto project
Yen-Chin Lee
 
Software Security : From school to reality and back!
Software Security : From school to reality and back!Software Security : From school to reality and back!
Software Security : From school to reality and back!
Peter Hlavaty
 
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...
Hackito Ergo Sum
 
Rainbow Over the Windows: More Colors Than You Could Expect
Rainbow Over the Windows: More Colors Than You Could ExpectRainbow Over the Windows: More Colors Than You Could Expect
Rainbow Over the Windows: More Colors Than You Could Expect
Peter Hlavaty
 
Steelcon 2015 - 0wning the internet of trash
Steelcon 2015 - 0wning the internet of trashSteelcon 2015 - 0wning the internet of trash
Steelcon 2015 - 0wning the internet of trash
infodox
 
Visiting the Bear Den
Visiting the Bear DenVisiting the Bear Den
Visiting the Bear Den
ESET
 

What's hot (20)

Owning windows 8 with human interface devices
Owning windows 8 with human interface devicesOwning windows 8 with human interface devices
Owning windows 8 with human interface devices
 
More fun using Kautilya
More fun using KautilyaMore fun using Kautilya
More fun using Kautilya
 
Level Up! - Practical Windows Privilege Escalation
Level Up! - Practical Windows Privilege EscalationLevel Up! - Practical Windows Privilege Escalation
Level Up! - Practical Windows Privilege Escalation
 
BSides Hannover 2015 - Shell on Wheels
BSides Hannover 2015 - Shell on WheelsBSides Hannover 2015 - Shell on Wheels
BSides Hannover 2015 - Shell on Wheels
 
Yocto project and open embedded training
Yocto project and open embedded trainingYocto project and open embedded training
Yocto project and open embedded training
 
Exploiting Directory Permissions on macOS
Exploiting Directory Permissions on macOSExploiting Directory Permissions on macOS
Exploiting Directory Permissions on macOS
 
Windows privilege escalation by Dhruv Shah
Windows privilege escalation by Dhruv ShahWindows privilege escalation by Dhruv Shah
Windows privilege escalation by Dhruv Shah
 
Steelcon 2014 - Process Injection with Python
Steelcon 2014 - Process Injection with PythonSteelcon 2014 - Process Injection with Python
Steelcon 2014 - Process Injection with Python
 
When is something overflowing
When is something overflowingWhen is something overflowing
When is something overflowing
 
Lares from LOW to PWNED
Lares from LOW to PWNEDLares from LOW to PWNED
Lares from LOW to PWNED
 
Power on, Powershell
Power on, PowershellPower on, Powershell
Power on, Powershell
 
Ultimate pen test compromising a highly secure environment (nikhil)
Ultimate pen test   compromising a highly secure environment (nikhil)Ultimate pen test   compromising a highly secure environment (nikhil)
Ultimate pen test compromising a highly secure environment (nikhil)
 
Getting root with benign app store apps vsecurityfest
Getting root with benign app store apps vsecurityfestGetting root with benign app store apps vsecurityfest
Getting root with benign app store apps vsecurityfest
 
Esage on non-existent 0-days, stable binary exploits and user interaction
Esage   on non-existent 0-days, stable binary exploits and user interactionEsage   on non-existent 0-days, stable binary exploits and user interaction
Esage on non-existent 0-days, stable binary exploits and user interaction
 
Build your own embedded linux distributions by yocto project
Build your own embedded linux distributions by yocto projectBuild your own embedded linux distributions by yocto project
Build your own embedded linux distributions by yocto project
 
Software Security : From school to reality and back!
Software Security : From school to reality and back!Software Security : From school to reality and back!
Software Security : From school to reality and back!
 
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...
 
Rainbow Over the Windows: More Colors Than You Could Expect
Rainbow Over the Windows: More Colors Than You Could ExpectRainbow Over the Windows: More Colors Than You Could Expect
Rainbow Over the Windows: More Colors Than You Could Expect
 
Steelcon 2015 - 0wning the internet of trash
Steelcon 2015 - 0wning the internet of trashSteelcon 2015 - 0wning the internet of trash
Steelcon 2015 - 0wning the internet of trash
 
Visiting the Bear Den
Visiting the Bear DenVisiting the Bear Den
Visiting the Bear Den
 

Similar to A Bug Hunter's Perspective on Unix Drivers

CNIT 126: 10: Kernel Debugging with WinDbg
CNIT 126: 10: Kernel Debugging with WinDbgCNIT 126: 10: Kernel Debugging with WinDbg
CNIT 126: 10: Kernel Debugging with WinDbg
Sam Bowne
 
CNIT 126: 10: Kernel Debugging with WinDbg
CNIT 126: 10: Kernel Debugging with WinDbgCNIT 126: 10: Kernel Debugging with WinDbg
CNIT 126: 10: Kernel Debugging with WinDbg
Sam Bowne
 
On non existent 0-days, stable binary exploits and
On non existent 0-days, stable binary exploits andOn non existent 0-days, stable binary exploits and
On non existent 0-days, stable binary exploits and
Alisa Esage Шевченко
 
Linux
LinuxLinux
Linux kernel booting
Linux kernel bootingLinux kernel booting
Linux kernel booting
Ramin Farajpour Cami
 
Device Drivers
Device DriversDevice Drivers
Device Drivers
Kushal Modi
 
Top 10 Tips for Beginning Linux Users
Top 10 Tips for Beginning Linux UsersTop 10 Tips for Beginning Linux Users
Top 10 Tips for Beginning Linux Users
St. Petersburg College
 
Course 102: Lecture 25: Devices and Device Drivers
Course 102: Lecture 25: Devices and Device Drivers Course 102: Lecture 25: Devices and Device Drivers
Course 102: Lecture 25: Devices and Device Drivers
Ahmed El-Arabawy
 
Linux forensics
Linux forensicsLinux forensics
Linux forensics
Santosh Khadsare
 
Linux basics
Linux basicsLinux basics
Linux basics
Santosh Khadsare
 
Docker Dojo
Docker DojoDocker Dojo
Demystifying kubernetes
Demystifying kubernetesDemystifying kubernetes
Demystifying kubernetes
Works Applications
 
Building Embedded Linux Full Tutorial for ARM
Building Embedded Linux Full Tutorial for ARMBuilding Embedded Linux Full Tutorial for ARM
Building Embedded Linux Full Tutorial for ARM
Sherif Mousa
 
Device drivers tsp
Device drivers tspDevice drivers tsp
Device drivers tsp
Pradeep Kumar TS
 
Practical Malware Analysis: Ch 10: Kernel Debugging with WinDbg
Practical Malware Analysis: Ch 10: Kernel Debugging with WinDbgPractical Malware Analysis: Ch 10: Kernel Debugging with WinDbg
Practical Malware Analysis: Ch 10: Kernel Debugging with WinDbg
Sam Bowne
 
Linx privx privileges-sudo misconfiguration group and docker daemon privileges
Linx privx privileges-sudo misconfiguration group and docker daemon privilegesLinx privx privileges-sudo misconfiguration group and docker daemon privileges
Linx privx privileges-sudo misconfiguration group and docker daemon privileges
AliBawazeEer
 
NSC #2 - D3 02 - Peter Hlavaty - Attack on the Core
NSC #2 - D3 02 - Peter Hlavaty - Attack on the CoreNSC #2 - D3 02 - Peter Hlavaty - Attack on the Core
NSC #2 - D3 02 - Peter Hlavaty - Attack on the Core
NoSuchCon
 
Studienarb linux kernel-dev
Studienarb linux kernel-devStudienarb linux kernel-dev
Studienarb linux kernel-dev
murali_purushothaman
 
Unikernels: Rise of the Library Hypervisor
Unikernels: Rise of the Library HypervisorUnikernels: Rise of the Library Hypervisor
Unikernels: Rise of the Library Hypervisor
Anil Madhavapeddy
 
Intro To Linux
Intro To LinuxIntro To Linux
Intro To Linux
techlug
 

Similar to A Bug Hunter's Perspective on Unix Drivers (20)

CNIT 126: 10: Kernel Debugging with WinDbg
CNIT 126: 10: Kernel Debugging with WinDbgCNIT 126: 10: Kernel Debugging with WinDbg
CNIT 126: 10: Kernel Debugging with WinDbg
 
CNIT 126: 10: Kernel Debugging with WinDbg
CNIT 126: 10: Kernel Debugging with WinDbgCNIT 126: 10: Kernel Debugging with WinDbg
CNIT 126: 10: Kernel Debugging with WinDbg
 
On non existent 0-days, stable binary exploits and
On non existent 0-days, stable binary exploits andOn non existent 0-days, stable binary exploits and
On non existent 0-days, stable binary exploits and
 
Linux
LinuxLinux
Linux
 
Linux kernel booting
Linux kernel bootingLinux kernel booting
Linux kernel booting
 
Device Drivers
Device DriversDevice Drivers
Device Drivers
 
Top 10 Tips for Beginning Linux Users
Top 10 Tips for Beginning Linux UsersTop 10 Tips for Beginning Linux Users
Top 10 Tips for Beginning Linux Users
 
Course 102: Lecture 25: Devices and Device Drivers
Course 102: Lecture 25: Devices and Device Drivers Course 102: Lecture 25: Devices and Device Drivers
Course 102: Lecture 25: Devices and Device Drivers
 
Linux forensics
Linux forensicsLinux forensics
Linux forensics
 
Linux basics
Linux basicsLinux basics
Linux basics
 
Docker Dojo
Docker DojoDocker Dojo
Docker Dojo
 
Demystifying kubernetes
Demystifying kubernetesDemystifying kubernetes
Demystifying kubernetes
 
Building Embedded Linux Full Tutorial for ARM
Building Embedded Linux Full Tutorial for ARMBuilding Embedded Linux Full Tutorial for ARM
Building Embedded Linux Full Tutorial for ARM
 
Device drivers tsp
Device drivers tspDevice drivers tsp
Device drivers tsp
 
Practical Malware Analysis: Ch 10: Kernel Debugging with WinDbg
Practical Malware Analysis: Ch 10: Kernel Debugging with WinDbgPractical Malware Analysis: Ch 10: Kernel Debugging with WinDbg
Practical Malware Analysis: Ch 10: Kernel Debugging with WinDbg
 
Linx privx privileges-sudo misconfiguration group and docker daemon privileges
Linx privx privileges-sudo misconfiguration group and docker daemon privilegesLinx privx privileges-sudo misconfiguration group and docker daemon privileges
Linx privx privileges-sudo misconfiguration group and docker daemon privileges
 
NSC #2 - D3 02 - Peter Hlavaty - Attack on the Core
NSC #2 - D3 02 - Peter Hlavaty - Attack on the CoreNSC #2 - D3 02 - Peter Hlavaty - Attack on the Core
NSC #2 - D3 02 - Peter Hlavaty - Attack on the Core
 
Studienarb linux kernel-dev
Studienarb linux kernel-devStudienarb linux kernel-dev
Studienarb linux kernel-dev
 
Unikernels: Rise of the Library Hypervisor
Unikernels: Rise of the Library HypervisorUnikernels: Rise of the Library Hypervisor
Unikernels: Rise of the Library Hypervisor
 
Intro To Linux
Intro To LinuxIntro To Linux
Intro To Linux
 

More from Jeremy Brown

Provoking Windows
Provoking WindowsProvoking Windows
Provoking Windows
Jeremy Brown
 
Summer of Fuzz: macOS
Summer of Fuzz: macOSSummer of Fuzz: macOS
Summer of Fuzz: macOS
Jeremy Brown
 
Unsecuring SSH
Unsecuring SSHUnsecuring SSH
Unsecuring SSH
Jeremy Brown
 
Attacking Big Data Land
Attacking Big Data LandAttacking Big Data Land
Attacking Big Data Land
Jeremy Brown
 
Adventures with Podman and Varlink
Adventures with Podman and VarlinkAdventures with Podman and Varlink
Adventures with Podman and Varlink
Jeremy Brown
 
ProdSec: A Technical Approach
ProdSec: A Technical ApproachProdSec: A Technical Approach
ProdSec: A Technical Approach
Jeremy Brown
 
Microsoft Vulnerability Research - How to be a finder as a vendor
Microsoft Vulnerability Research - How to be a finder as a vendorMicrosoft Vulnerability Research - How to be a finder as a vendor
Microsoft Vulnerability Research - How to be a finder as a vendor
Jeremy Brown
 
Cloud Device Insecurity
Cloud Device InsecurityCloud Device Insecurity
Cloud Device Insecurity
Jeremy Brown
 

More from Jeremy Brown (8)

Provoking Windows
Provoking WindowsProvoking Windows
Provoking Windows
 
Summer of Fuzz: macOS
Summer of Fuzz: macOSSummer of Fuzz: macOS
Summer of Fuzz: macOS
 
Unsecuring SSH
Unsecuring SSHUnsecuring SSH
Unsecuring SSH
 
Attacking Big Data Land
Attacking Big Data LandAttacking Big Data Land
Attacking Big Data Land
 
Adventures with Podman and Varlink
Adventures with Podman and VarlinkAdventures with Podman and Varlink
Adventures with Podman and Varlink
 
ProdSec: A Technical Approach
ProdSec: A Technical ApproachProdSec: A Technical Approach
ProdSec: A Technical Approach
 
Microsoft Vulnerability Research - How to be a finder as a vendor
Microsoft Vulnerability Research - How to be a finder as a vendorMicrosoft Vulnerability Research - How to be a finder as a vendor
Microsoft Vulnerability Research - How to be a finder as a vendor
 
Cloud Device Insecurity
Cloud Device InsecurityCloud Device Insecurity
Cloud Device Insecurity
 

Recently uploaded

"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w..."What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
Fwdays
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
zjhamm304
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
christinelarrosa
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
DianaGray10
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
christinelarrosa
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Alex Pruden
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Edge AI and Vision Alliance
 
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users",  Kevin Goedecke"Scaling RAG Applications to serve millions of users",  Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
Fwdays
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Neo4j
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
ScyllaDB
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
AstuteBusiness
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Antonios Katsarakis
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
DianaGray10
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE?  Session 2 – CoE RolesWhat is an RPA CoE?  Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
DianaGray10
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
Mydbops
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
LizaNolte
 

Recently uploaded (20)

"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w..."What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
 
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users",  Kevin Goedecke"Scaling RAG Applications to serve millions of users",  Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE?  Session 2 – CoE RolesWhat is an RPA CoE?  Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
 

A Bug Hunter's Perspective on Unix Drivers

Editor's Notes

  1. 19