tags:linuxkernellearning_resourcemethodology original link: So You Wanna Find Bugs In The Linux Kernel newsletter link: exploits.club Weekly Newsletter 26


Exploits Club Summary:

@sam4k1 uploaded his TyphoonCon 24 slides on attacking the Linux Kernel. The slides first provide a wealth of knowledge on the state of the kernel VR before diving into specifics. It covers what makes a good subsystem to target, auditing workflow, and the use of tooling like syzcaller and CodeQL. The presentation ends with a case study, demonstrating the outlined process in action. Sam picked an interesting subsystem, performed a code audit, identified limitations in the current fuzzing coverage, modified syzcaller, and dropped a bug.