Andrey Konovalov is a software security engineer focusing mostly on fuzzers, exploits, and mitigations for the Linux and Android kernels. Other areas of interest include hardware hacking and lockpicking.



Twitter: @andreyknvl

GitHub: @xairy

Telegram: @xairylog [ru]

Conference Talks

2020, Android Security Symposium: Memory Tagging for the Kernel: Tag-Based KASAN [slides] [video]

2019, OffensiveCon: Coverage-Guided USB Fuzzing with Syzkaller [slides] [video]

2017, PHDays: How to find 0days in the Linux kernel [slides]

2015, LinuxCon: KernelAddressSanitizer: a fast memory error detector for the Linux kernel [slides]

Exploit Writeups

CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem [announcement]

CVE-2017-1000112: Memory corruption due to UFO to non-UFO path switch [announcement]

CVE-2017-7308: Exploiting the Linux kernel via packet sockets [article]

CVE-2017-6074: DCCP double-free vulnerability (local root) [announcement]

CVE-2016-2384: Exploiting a double-free in the USB-MIDI Linux kernel driver [article]

GitHub

My proof-of-concept exploits for the Linux kernel

A collection of links related to Linux kernel exploitation

A collection of links related to VMware escape exploits

A set of Linux binary exploitation tasks on various architectures

Disabling kernel lockdown on Ubuntu without physical access

Open Source Contributions

Linux kernel [commits]

syzkaller [commits]

Hardware Village

2016-2020: Introduction to USB Hacking [materials]

2019: Introduction to PCIe and DMA attacks [materials]

Other Smaller Talks

2018, DC4822: Syzkaller: coverage-guided fuzzer for the Linux kernel [slides]

2015: KernelThreadSanitizer (KTSAN): a data race detector for the Linux kernel [slides]

2014: Automatic detection of race conditions in the Linux kernel [ru] [slides]

2013: AddressSanitizer for Linux Kernel [slides]


2016, Master: Automatic detection of race conditions in the Linux kernel [ru] [slides] [paper]

2014, Bachelor: Automatic detection of dynamic memory errors in the Linux kernel [ru] [slides] [paper]


2014-2016, MIPT: A small course on CTF (wargames) for beginners [ru] [course]