Book of the Month – A Guide to Kernel Exploitation

Anyone into Vulnerability Research and Exploitation knows how hard it is to discover a Security Vulnerability and then develop a reliable exploit for it. Now consider taking it from user land to kernel, the near impossible thing to get your shoes in for the show.

In that context, ‘A Guide to Kernel Exploitation’ new & unique book on this topic, attempts to bridge this knowledge gap and make that transition from user land to Kernel smoother and smarter than ever.



Here is the core information about this book

  • Title: A Guide to Kernel Exploitation – Attacking the Core
  • Author: Enrico Perla, Massimiliano Oldani
  • Publisher: Syngress
  • Hardcover: 442 pages
  • Price: $29 (as of this writing)
  • Release Date: September 15, 2010
  • Rating(Amazon):


Here is the table of contents

  • Part I: A Journey to Kernel Land
    • Chapter 1: From User-Land to Kernel-Land Attacks
    • Chapter 2: A Taxonomy of Kernel Vulnerabilities
    • Chapter 3: Stairway to Successful Kernel Exploitation
  • Part II: The UNIX Family, Mac OS X, and Windows
    • Chapter 4: The UNIX Family
    • Chapter 5: Mac OS X
    • Chapter 6: Windows
  • Part III: Remote Kernel Exploitation
    • Chapter 7: Facing the Challenges of Remote
    • Chapter 8: Putting It All Together: A Linux Case Study
  • Part IV: Final Words
    • Chapter 9: Kernel Evolution: Future Forms of Attack


First part of the book deals with technical jargon’s and caveats involved in the transition from user to kernel land attacks. It explains how it is entirely different from dealing with user-land and explains kernel perspective of various exploitation stuffs such as stack/heap overflow, virtual memory, crafting shell code,  multi-stage shellcodes, privilege handling etc.


Second part covers kernel basics on all 3 important Operating Systems Windows, Unix & MAC OS. Though it will be difficult to cover everything in one book but it does a fair job in tracking most of the stuffs required for kernel exploitation. Third section goes straight with Kernel remote exploitation describing everything you need to know to finish the game successfully. It also brings in a excellent case study with complete analysis of remote Kernel SCTP exploit for Linux. Finally it ends with various defensive measures for protecting your Kernel and possible advancements in the Kernel attacks in a near future surrounding Virtualization & Hypervisors.


Here are the Highlights

  • Practical, Latest & Great source for Kernel Exploitation
  • Covers Kernels from 3 important OS families –  Windows, Linux & MAC
  • Includes great case study of remote Kernel SCTP exploit.
  • Filled with more than few spelling mistakes, you can look at Errata here


To summarize, this is a great source to begin your journey into Kernel exploitation and well worth the price it is set for !

For other reviews on top security books look at our complete  ‘Book of the Month’ list.


eBook Link 1 :

eBook Link 2 :

eBook Link 3 :

Similar posts
  • Computer Security Tips: Stay Safe Onl... In recent times cyber security has raised the level of awareness and public consciousness as never before. Both large corporations and big organizations try to take care of online security as much as they can. That’s why cyber criminals and hackers have focused more on smaller companies and single entrepreneurs. This awful tendency leads to [...]
  • SecurityXploded Mentorship Programme ... I am writing this blog to share my SecurityXploded Student Mentorship Programme experience with the future students of this programme. My mentorship programme started last year in August when I was in 2nd year of MS at IIIT-Allahabad. I knew about SecurityXploded community since I used to follow their blogs, training programmes and security tools [...]
  • Code Injection and API Hooking Techni... Hooking covers a range of techniques used for many purposes like debugging, monitoring, intercepting messages, extending functionality etc. Hooking is also used by a lot of rootkits to camouflage themselves on the system. Rootkits use various hooking techniques when they have to hide a process, hide a network port, redirect file writes to some different [...]
  • Announcement – SecurityXploded ... From the past two years we are working actively on couple of projects to support the security community. As you all may already know that we have successfully completed our reversing and malware analysis training programme and we are very glad that it was very helpful for everyone. In my opinion the success of any [...]
  • Advanced Malware Analysis Training Se... Here is the quick update on this month’s Local Security meet (SX/Null/G4H/owasp) and our advanced malware training session on (Part 2) Dissecting the HeartBeat  RAT Functionalities   This is part of our FREE ‘Advanced Malware Analysis Training’ series started from Dec 2012.       In this extended session, I explained “Decrypting various Communications Of HeartBeat [...]

Leave a Reply

Our Company

Follow us on Facebook

Join Mailing List

Get direct access to our expert trainers or mingle with like minded security folks in our mailing list