xorl %eax, %eax

News: twiz + sgrakkyu book on kernel exploitation

with 13 comments

I was browsing amazon.com when I saw this! For a moment I thought it must be some kind of joke, but it seems to be true.
The well-known and freaking amazing twiz (real name Enrico Perla) and sgrakkyu (real name Massimiliano Oldani) are publishing an entire book on kernel exploitation!!! I honestly cannot wait until July to read it. If you don’t know these guys (for some reason that I have no idea about), here are a few references:

Phrack #64: Attacking the core
kernelbof blog
madwifi WPA/RSN IE remote kernel buffer overflow

And a lot more (google it)…
I bet this book will be my favorite, along with taossa of course. The chapters of the book are:

Part I: A Journey to Kernel Land
Chapter 1: From User Land to Kernel Land Attacks
Chapter 2: A Taxonomy of Kernel Vulnerabilities
Chapter 3: Stairway to Successful Kernel Exploitation
Part II: The Unix Family, Mac OS X, and Windows
Chapter 4: The Unix Family
Chapter 5: Mac OS X
Chapter 6: Windows
Part III: Remote Kernel Exploitation
Chapter 7: Facing the Challenges of Remote Exploitation
Chapter 8: Putting it all Together: A Linux Case Study
Part IV: Final Words
Chapter 9: Kernel Evolution: Future Attacks and Defense

Ok, enough talking… time to place a pre-order ;)

Written by xorl

November 7, 2009 at 01:28

Posted in news

13 Responses


  1. xorl: Excellent, I would’ve never even heard of this if not for you; I’ll pre-order also, it looks like it’ll be a good read/addition to the Phrack article, i.e. remote kernel exploitation and Windows/Mac OS X.

    Thanks for blogging about this; Thanks for coming back; Thanks for being my love!

    Keen Observer / ret

    November 7, 2009 at 02:39

  2. hehe ret! :)

    Indeed, I’m curious especially for the new tricks that they would have put in there. Without even reading a single line of it I’m almost certain that it will be the best exploitation book written so far.

    Unfortunately, we’ll have to wait until July :(


    November 7, 2009 at 03:02

  3. My birthday is in July; a good birthday present I suppose; I heard TAOSSA v2 is going to be released sometime also, not sure on how true that is, but it should probably be rather good.

    Keen Observer / ret

    November 7, 2009 at 03:14

  4. That would be great! The “suggestions” page in their site has some really awesome ideas.


    November 7, 2009 at 03:27

  5. Knew it was you ret. Did you finally give up your real nick after you figured out how many people I know that know who you are? :p Get to work on that format string exploit.

    Anyway, being on topic here: the book to be released will get you into the mindset of kernel exploitation. It’s not going to be a book filled with pages of shellcode that’ll be outdated in two years. Twiz and sgrakkyu are artists in the field and keep up with the latest protections (their P64 article for instance deserves a huge amount of respect). It’ll be a great resource for anyone interested in the subject.


    November 7, 2009 at 12:34

  6. spender this is your estimation of the book’s content based on their previous work or you have read some snippets of it?


    November 7, 2009 at 14:31

  7. I’ve talked with them about the goals/content of the book, but they’ve asked that I not mention anything about the content (for obvious reasons). So, both ;)


    November 7, 2009 at 16:17

  8. Oh.. ok, nice to know.


    November 7, 2009 at 16:23

  9. That’s some awesome news. Definitely something from which people will have very high expectations.


    November 7, 2009 at 20:49

  10. Spender,
    I’m glad that you’re scouting for information on who I am, it makes me almost feel special.

    You also only know that which those people tell you, I’m afraid. A hilarity in itself. You might want to learn how to understand the psychology of your enemy. For it shall guide you through their destruction.

    Say hello to your friendz.

    Keen Observer

    November 7, 2009 at 22:49

  11. I plan to write a book about memory exploitation in the Indonesian language, but it may only be wishful thinking because it may be less famous than the book written by sgrakkyu.


    November 8, 2009 at 13:42

  12. ret, you fail miserably at threatening. You can’t even get my OS right for your threat about my machine — even though it’s posted publicly what I’m using.

    You’re a glory hunter yourself among the 15-19 year old script kid demographic, a class which you belong to yourself. “Hey look at me, I post nothing but useless/incorrect crap about other people to mask the fact that I have nothing to offer.” Does it make you feel like a hero on #social, since you would otherwise be completely unnoticed? (since again, you know nothing and do nothing) Sucking up to xorl doesn’t make you any less pathetic.

    I thought I told you to get back to work on that format string exploit you were working on? You know, the one you were supposed to work on to teach you how to write an exploit.

    Since xorl is complicit in trashing up his blog with this uselessness from someone who sucks up to him, I have one final thing to say here and then I’ll post nothing more:
    xorl: your analysis of vulns is painfully wrong at least half of the time, but nobody else has the heart to tell you. We only mention it amongst ourselves.

    perhaps ret will learn something now that he has no one to troll.


    November 8, 2009 at 14:42

  13. spender, first of all, I have a relationship with neither of you (yourself and ret). You’re almost the same to me and I won’t criticize your opinions since you are free people and you can express them. That’s why I didn’t comment anything on your flame wars in this and the pipe bug’s post.
    Now, on the second subject. I’m always open to hearing about my mistakes and hopefully learning from them. I cannot recall anywhere where I was narrow-minded when somebody told me that I was wrong.
    Also, you said:
    “We only mention it amongst ourselves.”
    Just out of curiosity, could you be more specific on who the “we” are that you imply (if I’m not wrong) to be representing?


    November 8, 2009 at 14:58
