tag: Linux

Linux kernel Rust module for rootkit detection

12 Mar, 2025 by Antoine Doglioli
The introduction of Rust into the Linux kernel makes it possible to write kernel drivers in Rust, which we can use to build a kernel-level EDR. This post explores this possibility by designing various checks to detect kernel-level rootkits and implementing them using the kernel’s Rust API. We then discuss the experience of developing in Rust within the Linux kernel.

ECW 2023: Centralized Memory (write-up)

7 Nov, 2023 by Maxime Turlure
Centralized Memory was a hard Linux pwn challenge created for the European Cyber Week CTF 2023 qualifiers. This write-up covers the intended method of exploitation through a race condition, an AES padding bug and a stack overflow.

kSMBd: a quick overview

12 May, 2023 by Arnaud Gatignol, Quentin Minster, Florent Saudel, Guillaume Teissier
In this blog post, we introduce the analysis of one SMB implementation: kSMBd. It will be followed up by a talk at OffensiveCon 2023 named “Abusing Linux in-kernel SMB server to gain kernel remote code execution”.