Tag: Vulnerability Research

The importance of diverse knowledge in vulnerability research – The transferability of knowledge

Posted on by Allele Security Intelligence in Research

Para acessar este post em português, clique aqui.

To achieve an excellent and high-level career in Information Security, diverse and deep technical knowledge is indispensable. It is crucial to have solid experience with:

  • Network protocols;
  • Computer architecture;
  • Operating systems;
  • Programming languages;
  • Compilers, among other fundamentals.

The professional needs to have a broad range of knowledge. We are talking about high-impact careers, formed by people who work at the forefront of modern technology. Although other qualities are necessary, the focus here resides strictly on the technical aspect.

Continue reading “The importance of diverse knowledge in vulnerability research – The transferability of knowledge”

Accidentally uncovering a seven years old vulnerability in the Linux kernel

Posted on by Allele Security Intelligence in Research

Para acessar esta postagem em português, clique aqui.

Vulnerability research is at the core of Allele Security Intelligence. We have been actively researching for more than a decade, and we offer our expertise to our clients. Among the services we offer are 0day and nday vulnerability research.

In nday vulnerability research projects, in the case of the Linux kernel, we look for vulnerabilities patched upstream, that still affect major distributions even in their latest release. Usually, we find vulnerabilities patched over a year ago that still affect popular Linux distributions. We do that by auditing the Linux kernel source code, monitoring vulnerabilities submitted to mailing lists and patched upstream, checking the findings of the syzkaller fuzzer and other ways.

While doing that research, we accidentally discovered a vulnerability in the core of the TCP subsystem of the Linux kernel. It had been introduced seven years earlier. We reported it upstream, which was patched in May of last year. In this blog post, we’ll share how it happened and briefly analyze the vulnerability.

Continue reading “Accidentally uncovering a seven years old vulnerability in the Linux kernel”

EnSI 8º Edition – Cert.Bahia

Posted on by Allele Security Intelligence in Events

We will be present at the 8th Edition of the Cert.Bahia EnSI that will be held in Salvador, Bahia, on October 03, 2018 (Wednesday). In this event, we will be presenting on the following topic: Introduction to vulnerability research in the Linux kernel.

In this presentation, the audience will be introduced to vulnerability research in the Linux kernel. The presentation will be divided in two parts, initially, will be introduced what is the kernel of an operating system, passing some details on computer architecture, modes of CPU as well as what motivations to study kernels, what is Linux, its eco and subsystems, research environment and tools. In the second part, we will discuss some lessons learned about vulnerabilities that have affected or are still affecting the Linux kernel.

Continue reading “EnSI 8º Edition – Cert.Bahia”