<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Security on Prepakis Georgios | Kernelstub | Security Researcher</title><link>https://blog.kernelstub.dev/tags/security/</link><description>Recent content in Security on Prepakis Georgios | Kernelstub | Security Researcher</description><generator>Hugo</generator><language>en-US</language><lastBuildDate>Thu, 27 Mar 2025 00:00:00 +0000</lastBuildDate><atom:link href="https://blog.kernelstub.dev/tags/security/index.xml" rel="self" type="application/rss+xml"/><item><title>Advanced Linux Kernel Exploitation Techniques</title><link>https://blog.kernelstub.dev/posts/advanced-linux-kernel-exploitation-techniques/</link><pubDate>Thu, 27 Mar 2025 00:00:00 +0000</pubDate><guid>https://blog.kernelstub.dev/posts/advanced-linux-kernel-exploitation-techniques/</guid><description>&lt;h2 id="introduction-to-linux-kernel-exploitation"&gt;Introduction to Linux Kernel Exploitation&lt;/h2&gt;
&lt;p&gt;Kernel exploitation sits at the top of the difficulty curve in offensive security, and for good reason. Userspace bugs get you code execution as some unprivileged process, but the kernel runs at Ring 0 (or EL1, if you&amp;rsquo;re on ARM) with unrestricted access to physical memory, every process&amp;rsquo;s address space, and every privilege check on the system. Pop a bug in the kernel and you&amp;rsquo;re not just compromising an application, you&amp;rsquo;re compromising the thing that enforces the rules for every application on the box. That&amp;rsquo;s why a single kernel LPE (local privilege escalation) bug is often worth more on the exploit market than a browser RCE: it&amp;rsquo;s the last mile between &amp;ldquo;I have a foothold&amp;rdquo; and &amp;ldquo;I own the machine.&amp;rdquo;&lt;/p&gt;</description></item><item><title>Advanced Windows Kernel Debugging Techniques</title><link>https://blog.kernelstub.dev/posts/advanced-windows-kernel-debugging-techniques/</link><pubDate>Mon, 10 Mar 2025 00:00:00 +0000</pubDate><guid>https://blog.kernelstub.dev/posts/advanced-windows-kernel-debugging-techniques/</guid><description>&lt;p&gt;Kernel debugging is a different animal from the user-mode debugging most developers grow up with. You can&amp;rsquo;t just attach a debugger to a live kernel the way you&amp;rsquo;d attach to a misbehaving process, because the kernel is the thing that&amp;rsquo;s supposed to be managing every process on the box, including the debugger&amp;rsquo;s own. If it halts, everything halts. So Windows solves this the old-fashioned way: two machines. One is the &amp;ldquo;target,&amp;rdquo; the system whose kernel you actually want to inspect. The other is the &amp;ldquo;host,&amp;rdquo; running WinDbg, connected over a transport that survives the target being frozen mid-instruction: a network link, a serial cable, or USB. When you set a breakpoint and it hits, the &lt;em&gt;entire target machine&lt;/em&gt; stops, not just one process, and control passes to your host over that wire. That&amp;rsquo;s the mental model to keep in the back of your head for everything that follows: you&amp;rsquo;re not debugging a program, you&amp;rsquo;re debugging an operating system from the outside, one machine talking to another.&lt;/p&gt;</description></item><item><title>Advanced Cryptography Concepts via Classical to Post-Quantum</title><link>https://blog.kernelstub.dev/posts/advanced-cryptography-concepts-via-classical-to-post-quantum/</link><pubDate>Tue, 14 Jan 2025 00:00:00 +0000</pubDate><guid>https://blog.kernelstub.dev/posts/advanced-cryptography-concepts-via-classical-to-post-quantum/</guid><description>&lt;p&gt;Cryptography has a strange history for a field that&amp;rsquo;s now load-bearing for the entire internet. A lot of the number theory underneath it was developed by mathematicians who were doing pure math for its own sake, with zero interest in secrets or spies. Then, starting in the 1970s, people realized that certain &amp;ldquo;hard&amp;rdquo; problems in number theory (the kind that are easy to state but brutal to solve at scale) were exactly what you needed to build systems where two strangers could agree on a secret over a public channel, or where you could prove your identity without ever handing over a password. This post is a walk through that stack, from the classical number-theoretic foundations, through the protocols built on top of them, and finally into the post-quantum schemes that exist because a sufficiently large quantum computer would tear a hole through most of what came before.&lt;/p&gt;</description></item></channel></rss>