Kernel Exploitation

CSE 598 - Spring 2024

You've taken your first steps into kernel exploitation with Kernel Security.

Are you ready to kick your knowledge up a notch to understand how real-world Linux kernel exploitation is done?

This module will provide you with the guide that you need to become an expert in Linux kernel exploitation.

Note 1: this is a kernel exploitation module, and requires you to run vm connect to drop into the virtual machine where the challenge is running. You can get logs using vm logs and (in Practice Mode) debug the kernel using vm debug.

Note 2: for technical reasons, we had to disable virtualization on this module. The VM will be slow --- consider doing heavy tasks like compiling in the normal workspace (e.g., in a terminal where you have not done vm connect).

Lectures and Reading


get the hang of how the Linux kernel heap works with (almost) no protections, have fun!

time to try some "real"(tm) kernel exploitation (randomized freelist) with no "win" functions!

well, real-world kernels have this weird KASLR thingy

how do you exploit the kernel with no function pointers?

alright, can you pwn it with a "HARDENED" freelist?

now we are working on the "real" Linux kernel heap!

msg the kernel for the win!

no more USERCOPY, what now?

