Fuzzing the EBPF Subsystem
2024-09-27 , Main Track

The eBPF subsystem of Linux aims to make the kernel more extensible by allowing userland to submit custom eBPF programs that can be hooked to various kernel events. The eBPF verifier is meant to prevent any dangerous program from being accepted and run; however, the verifier itself has been subject to a variety of bugs, allowing unsafe programs to be admitted into a kernel context.

Traditional fuzzers in the area, particularly syzkaller, do not interface particularly well with the eBPF subsystem, because eBPF input is very highly structured. As such, this talk covers my own custom fuzzer targeted at eBPF, discussing the design choices used to accurately model the system and the various issues encountered during development.
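The verifier interaction described above, as an added illustration rather than code from the talk or the speaker's fuzzer: a small C harness that hand-builds raw eBPF instruction streams and submits them to the in-kernel verifier through the bpf(2) syscall with the verifier log enabled, which is the entry point any verifier fuzzer ultimately drives. It assumes Linux with the uapi headers and enough privilege (CAP_BPF or root) for BPF_PROG_LOAD; the opcode constants and the instruction layout are copied from the uapi definitions, and the build_* programs and their names are constructed here for the example.

```c
/* Added example (not the speaker's fuzzer): hand-build raw eBPF programs and
 * feed them to the verifier via bpf(2).  Needs Linux and CAP_BPF/root to load. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifdef __linux__
#include <linux/bpf.h>
#include <sys/syscall.h>
#endif

/* Same 8-byte layout as the kernel's uapi struct bpf_insn. */
struct insn { uint8_t code; uint8_t dst_reg : 4; uint8_t src_reg : 4; int16_t off; int32_t imm; };

/* Opcodes = class | size-or-op | source (include/uapi/linux/bpf_common.h). */
#define OP_MOV64_IMM 0xb7 /* BPF_ALU64 | BPF_MOV | BPF_K   */
#define OP_STX_DW    0x7b /* BPF_STX   | BPF_DW  | BPF_MEM */
#define OP_EXIT      0x95 /* BPF_JMP   | BPF_EXIT          */

static struct insn mk(uint8_t code, int dst, int src, int16_t off, int32_t imm)
{
    struct insn i = { .code = code, .off = off, .imm = imm };
    i.dst_reg = (uint8_t)dst;
    i.src_reg = (uint8_t)src;
    return i;
}

/* Little-endian byte form the kernel reads; a fuzzer corpus stores programs this way. */
static void encode(const struct insn *i, uint8_t out[8])
{
    uint16_t off = (uint16_t)i->off;
    uint32_t imm = (uint32_t)i->imm;
    out[0] = i->code;
    out[1] = (uint8_t)(i->dst_reg | (i->src_reg << 4));
    out[2] = (uint8_t)off;  out[3] = (uint8_t)(off >> 8);
    for (int k = 0; k < 4; k++) out[4 + k] = (uint8_t)(imm >> (8 * k));
}

/* r0 = 0; exit.  Every register read is initialised, so the verifier accepts it. */
static int build_safe(struct insn *p)
{
    p[0] = mk(OP_MOV64_IMM, 0, 0, 0, 0);
    p[1] = mk(OP_EXIT, 0, 0, 0, 0);
    return 2;
}

/* exit with r0 never written: rejected ("R0 !read_ok") at any privilege level. */
static int build_uninit_r0(struct insn *p)
{
    p[0] = mk(OP_EXIT, 0, 0, 0, 0);
    return 1;
}

/* *(u64 *)(r10 + 8) = r1; r0 = 0; exit.  Only negative offsets from the frame
 * pointer r10 are inside the program's stack, so this write is out of bounds. */
static int build_bad_stack_off(struct insn *p)
{
    p[0] = mk(OP_STX_DW, 10, 1, 8, 0);
    p[1] = mk(OP_MOV64_IMM, 0, 0, 0, 0);
    p[2] = mk(OP_EXIT, 0, 0, 0, 0);
    return 3;
}

/* Submit as a socket filter with the verifier log on.  Returns the program fd,
 * or -1 with errno set and the verifier's verdict in log. */
static int load_prog(const struct insn *p, int n, char *log, unsigned logsz)
{
    log[0] = '\0';
#ifdef __linux__
    union bpf_attr attr;
    memset(&attr, 0, sizeof attr);
    attr.prog_type = BPF_PROG_TYPE_SOCKET_FILTER;
    attr.insn_cnt  = (uint32_t)n;
    attr.insns     = (uint64_t)(uintptr_t)p;
    attr.license   = (uint64_t)(uintptr_t)"GPL";
    attr.log_level = 1;
    attr.log_size  = logsz;
    attr.log_buf   = (uint64_t)(uintptr_t)log;
    return (int)syscall(__NR_bpf, BPF_PROG_LOAD, &attr, sizeof attr);
#else
    (void)p; (void)n; (void)logsz; errno = ENOSYS; return -1;
#endif
}

int main(void)
{
    static const struct { const char *name; int (*build)(struct insn *); } cases[] = {
        { "safe", build_safe }, { "uninit r0", build_uninit_r0 },
        { "bad stack off", build_bad_stack_off },
    };
    struct insn prog[8];
    char log[4096];
    for (size_t c = 0; c < sizeof cases / sizeof cases[0]; c++) {
        int n = cases[c].build(prog);
        int fd = load_prog(prog, n, log, sizeof log);
        int err = errno;
        if (fd >= 0) { printf("%-14s accepted\n", cases[c].name); close(fd); }
        else printf("%-14s rejected: %s\n%s\n", cases[c].name, strerror(err), log);
    }
    return 0;
}
```

Build with `gcc -O2 harness.c -o harness` and run it as root: the first program is accepted and the other two are rejected with the verifier's reason printed from the log. Without CAP_BPF (and with kernel.unprivileged_bpf_disabled set) every load fails with EPERM and an empty log, so a fuzzer has to run privileged to reach the verifier at all. The two unsafe cases are chosen to be rejected regardless of capability; some checks, such as reads of uninitialised stack slots, are relaxed for CAP_PERFMON holders, so a fuzzer's model of "should be rejected" has to account for who is loading. A fuzzer replaces the fixed build_* functions with a generator over this instruction encoding and treats a kernel crash, or an accept where its model predicts a reject, as a finding.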

Zac is a third-year computer science student at UNSW and an active part of the community at the uni, with a love for all things binary exploitation.

Always willing to ramble to anyone who'll hear him out, he has spoken at various conferences around Australia.

If not tinkering with his latest project, he can be found playing CTFs with Emu Exploit.