01-31-2024, 05:34 PM
Hello breached community, I'm going to show you why kernel exploitation is a real thing.
What is a kernel?
In simple terms, the kernel is the layer of software that is responsible for making the hardware in your computer work (like virtual memory, hard drive access...).
In what language is a kernel written?
Often it is a mix of C, ASM and some low-level machine language.
How is the kernel separated from user applications?
The ISA has two modes:
privileged -> all of the instructions on the machine level are accessible
unprivileged -> only some low-level machine instructions are accessible.
In fact the kernel is protected by implementing a separation at the software level. The kernel sets up the virtual memory and ensures that it can access the address space of any process, BUT no process can directly reference kernel memory.
Kernel-land memory -> User-land memory
The code running in kernel-land HAS FULL PRIVILEGES AND CAN ACCESS ANY VALID MEMORY ADDRESS ON THE SYSTEM,
but the code executing in user-land theoretically can't access the space of the kernel.
BUT how can people access kernel-land???
Users are identified by a unique value, often a number (userid).
The Administrator/Root/userid=0 has the right to modify the kernel.
BUT the kernel is super important and sensitive, so why do some people need to touch it???
Kernel=code
and code needs to be updated or patched, or to have features added such as support for new devices.
And now you know why an attacker reaaalllllyyyy wants to have this privilege.
If you have any questions regarding this topic or any other low-level subject, my DMs are open.
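The two separations the post describes (privileged vs. unprivileged CPU mode, and kernel-land vs. user-land memory) can be observed from an ordinary unprivileged process. The program below is an added example, not code from the original post: it tries to execute an instruction only privileged mode may run, and then tries to read a kernel-space address, catching the fault the kernel delivers in each case. It assumes Linux on x86-64 or AArch64 with a compiler that supports GNU inline assembly; the kernel address 0xffffffff81000000 is a constructed value that simply lies in the upper half of the address space that the kernel reserves for itself.

```c
// Added example (not from the original post): show, from an unprivileged
// process, that (1) privileged instructions fault in user mode and
// (2) kernel-land memory cannot be read directly from user-land.
// Assumes Linux on x86-64 or AArch64 with GNU inline assembly.
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static sigjmp_buf recover;
static volatile sig_atomic_t last_signal;

// Signal handler: record which signal the kernel delivered and unwind
// out of the faulting instruction so the program can continue.
static void on_fault(int sig) {
    last_signal = sig;
    siglongjmp(recover, 1);
}

static void install_handlers(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, NULL);
    sigaction(SIGILL, &sa, NULL);
    sigaction(SIGBUS, &sa, NULL);
}

// Try to run an instruction reserved for privileged mode.
// Returns the signal delivered (SIGSEGV on x86-64, SIGILL on AArch64),
// 0 if the CPU let user mode execute it, or -1 on an unsupported arch.
int try_privileged_instruction(void) {
    install_handlers();
    last_signal = 0;
    if (sigsetjmp(recover, 1) == 0) {
#if defined(__x86_64__)
        // CLI (disable interrupts) needs ring 0; in ring 3 it raises #GP,
        // which Linux reports as SIGSEGV.
        __asm__ volatile("cli");
#elif defined(__aarch64__)
        // Writing DAIF (mask IRQs) is EL1+ only; at EL0 it is UNDEFINED,
        // which Linux reports as SIGILL.
        __asm__ volatile("msr daifset, #2");
#else
        return -1;
#endif
        return 0;
    }
    return last_signal;
}

// Try to read one byte from a kernel-land address directly.
// Returns the signal delivered (SIGSEGV expected) or 0 if the read succeeded.
int try_read_kernel_memory(void) {
    install_handlers();
    last_signal = 0;
    // Constructed kernel-space address (upper half of the address space);
    // the kernel's page tables mark this region supervisor-only, so a
    // user-mode access page-faults.
    volatile uint8_t *kaddr = (volatile uint8_t *)(uintptr_t)0xffffffff81000000ULL;
    if (sigsetjmp(recover, 1) == 0) {
        uint8_t b = *kaddr;
        (void)b;
        return 0;
    }
    return last_signal;
}

int main(void) {
    int s1 = try_privileged_instruction();
    int s2 = try_read_kernel_memory();
    printf("privileged instruction from user mode -> %s\n",
           s1 > 0 ? strsignal(s1) : (s1 == 0 ? "executed (!)" : "unsupported arch"));
    printf("reading kernel address from user-land  -> %s\n",
           s2 > 0 ? strsignal(s2) : "read succeeded (!)");
    return 0;
}
```

Both probes end in a signal rather than in kernel access: the CPU refuses the instruction because the process runs in the unprivileged mode, and the page tables refuse the read because kernel pages are not mapped for user access. A kernel exploit is precisely a way of getting the kernel's own code to do on the attacker's behalf what these two checks forbid.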