Infosec In the City (IIC)
#IICSG2019 Training — Linux-Kernel Research for Kernel-Newcomers
by Ron Munitz, The Premium Software Consulting Group (PSCG)
In this hands-on and fast pace training, you will learn about, configure and build to tools that will enable you to easily jump start (or boost the efficiency of) your Linux Kernel and userspace research, for the sake of Desktop/Server, IoT and Android research.
The Linux Kernel is as you can probably imagine — huge, and open source. This has the advantage that you don't need to reverse engineer the entire universe to get to know what is going on (with the exception of binary blobs, customisations, additions, etc. but this is not a GPL legal class, although we will address it). Unfortunately, it also has the disadvantage that when you have so much information at the tip of your hand and don't know how to handle it, even the simplest development (not to mention research) task may be unbearably overwhelming, and indeed, getting into kernel development, and security research is challenging and sometimes frightening.
In this hands-on training, we will patiently prepare and use the tools that will help you optimise your kernel code auditing, tracing and debugging routines — assuming no previous significant Linux experience.
Upon completing this course, you will be able to save countless hours of code reading, understand what are the best points to start with common and not so common research tasks, and learn to efficiently build your debugging and tracing mechanisms, so that getting started with "reading the source" will become much faster, intuitive, and fun.
The addressed targets are x86 and ARM. Several weeks before starting the training, we will be in touch with the registered attendees, and understand their priorities. According to those, we may be using specific boards of interest, rather than VMs.
Date: 17-18 Jun 2019
Venue: Sands Expo & Convention Centre, Marina Bay Sands
Early Bird (Sign up by 30 Apr 2019): $3,300 SGD
Standard (Sign up by 31 May 2019): $3,600 SGD
Late: $3,900 SGD
Setup and administration (VMs, as well as detailed instructions on how they were prepared will be provided upon registration).
Obtaining the Linux Kernel, understanding how to work with different versions
Source code structure overview.
Understanding open source, binary blobs and the different interfaces.
Configuring and building the kernel #1 — Building and running the Linux Kernel on your current machine
The Linux boot process — From power-on to init process and the start of userspace
Configuring and building the kernel #2 — Building, running and debugging a minimal working, Linux distro on a VM (KVM/QEMU)
Enumeration, forensics and discovery #1 — Device discovery (on x86 and embedded) and sysfs representation (Unified Device Model)
Building loadable kernel modules (LKM's) and extending the kernel code. Code injection vectors.
Enumeration, forensics and discovery #2 — Kernel debugging mechanisms, basic forensics (kindly exposed to userspace by virtual filesystems) and getting arbitrary read/write primitives (as well as what are the page access restrictions and tips on subverting them).
Kernel debuggers — KDB, KGDB
Other "debuggers" — *probes and ebpf
Kernel tracing — ftrace
Motivation for some of the security mechanisms in some versions of the kernel (which is great if you need to research kernels that don't have them)
Kernel security measures, and where they are implemented
Enumeration, forensics and discovery #3 — Leaking addresses, and improvement over address protections (important: know your kernel version, and you might get some presents ...)
Testing and fuzzing tools
Building (almost) anything you want with Yocto Project
Using Yocto Project to very easily assist and automate your security tool arsenal
Q&A & Mini Consulting — Hit us with your problems, let's help you think!
Students need to have familiarity with basic Linux distro usage and command-line tools, and a basic understanding of scripting in bash or Python would also be beneficial.
Proficiency in C is mandatory (if you haven't written a lot of code for a while, but consider yourself a good researcher — It is also OK). It is highly recommended to have a good understanding of theory (and practice, perhaps in other Operating Systems) of Operating Systems.
WHAT TO BRING
Students are to bring laptops with at least 50GB of free space (100GB are recommended, to easily do the Yocto Project labs). The instructor will provide both instructions for setting up your own Linux station and a VMware Player image with all the required materials.
ABOUT THE TRAINER
RON MUNITZ, CEO of The PSCG Premium Consulting group, is a parallel entrepreneur, specialising in Operating System internals and Embedded Security. His experience ranges from esoteric real-time operating systems and all kind of Industrial devices to anything Unix/Linux flavoured, with renowned expertise on the Linux kernel, XNU Kernel and Android and MacOS ecosystems. Ron is an experienced lecturer, who has trained thousands of engineers for The PSCG, ARM and the Linux Foundation, and has initiated and led cybersecurity tracks in several universities.
When not teaching or consulting, Ron is leading PSCG Holdings LTD, a house of excellence for entrepreneurs-researchers, active in the Aerospace, Maritime, Automotive and Mobile cybersecurity domains.
In his previous lifetimes, Ron founded Nubo Software, the first Android display protocol, brought up Linux and some RTOS's on more boards than he can remember, did all kinds of security-related work ( ;-) ), and led the development of a couple of satellite launchers ( ;-) ;-) ).