Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 12 Oct 2016 15:31:33 -0700
From: Kees Cook <keescook@...omium.org>
To: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Subject: Re: self introduction

On Tue, Oct 11, 2016 at 8:19 PM, Gengjia Chen <chengjia4574@...il.com> wrote:
> Hi all,

Hi, welcome!

> My name is Jiayy (@chengjia4574). I am currently a security researcher in
> android and linux kernel. My researches  consist on hunting vulnerabilities
> in kernel code (most of them within drivers) and doing exploits using those
> vulns.
> I had found more than 40 vulnerabilities which were confirmed by Android
> Security Team
> in the past year. I also figured out some way to attack mitigation solutions
> of kernel
> (such as Bypass PXN).

In your research have you seen a common kind of bug that results in
the vulnerabilities you find? Is there anything that would have
significantly made exploitation more difficult in the things you
worked on?

> Those works help me get familiar with the kernel(device tree, memory
> management,
> network , some features especially those associated with security such as
> pxn, selinux, seccomp) and ARM instruction. However, it is not enough to get
> involved in real security development in kernel. Therefore, I am looking for
> task
> I can accomplish to be involved into real kernel development!  Recently I
> found
> this project (kernel self protection) and I thought it is so interesting.
>
> I don't know whether I can involve and  where I can begin, I am looking
> forward to
> your response.

Are you interested mostly in ARM-specific things? Are you interested
in kernel-assisted userspace defenses too?

-Kees

-- 
Kees Cook
Nexus Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.