About

Andrey Konovalov is a software security engineer focusing mostly on fuzzers, exploits, and mitigations for the Linux and Android kernels. Other areas of interest include hardware hacking and lockpicking.

Email: andreyknvl@gmail.com

PGP: keybase.io

Twitter: @andreyknvl

GitHub: @xairy

Telegram: @xairylog [ru]

Conference Talks

2020, Android Security Symposium: Memory Tagging for the Kernel: Tag-Based KASAN [slides] [video]

2019, OffensiveCon: Coverage-Guided USB Fuzzing with Syzkaller [slides] [video]

2017, PHDays: How to find 0days in the Linux kernel [slides]

2015, LinuxCon North America: KernelAddressSanitizer (KASan): a fast memory error detector for the Linux kernel [slides]

Exploit Writeups

CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem [announcement]

CVE-2017-1000112: Exploitable memory corruption due to UFO to non-UFO path switch [announcement]

CVE-2017-7308: Exploiting the Linux kernel via packet sockets [article]

CVE-2017-6074: DCCP double-free vulnerability (local root) [announcement]

CVE-2016-2384: Exploiting a double-free in the USB-MIDI Linux kernel driver [article]

Github

github.com/xairy/kernel-exploits (My proof-of-concept exploits for the Linux kernel)

github.com/xairy/linux-kernel-exploitation (A collection of links related to Linux kernel exploitation)

github.com/xairy/vmware-exploitation (A collection of links related to VMware escape exploits)

github.com/xairy/easy-linux-pwn (A set of Linux binary exploitation tasks for beginners on various architectures)

github.com/xairy/unlockdown (Disabling kernel lockdown on Ubuntu without physical access)

Open Source Contributions

Linux kernel [commits]

syzkaller [commits]

Hardware Village

2016-2020: Introduction to USB Hacking [materials]

2019: Introduction to PCIe and DMA attacks [materials]

Other Smaller Talks

2018, DC4822: Syzkaller: coverage-guided fuzzer for the Linux kernel [slides]

2015: KernelThreadSanitizer (KTSAN): a data race detector for the Linux kernel [slides]

2014: Автоматический поиск состояний гонок в ядре ОС Linux [ru] [slides]

2013: AddressSanitizer for Linux Kernel [slides]

Thesis

2016, Master: Автоматический поиск состояний гонок в ядре ОС Linux [ru] [slides] [paper]

2014, Bachelor: Автоматический поиск ошибок работы с динамической памятью в ядре ОС Linux [ru] [slides] [paper]

Teaching

2014-2016, MIPT: A small course on CTF (wargames) for beginners [ru] [course]