Contact

Name: Andrey Konovalov

Email: andreyknvl@gmail.com

PGP: keybase.io

Twitter: @andreyknvl

GitHub: @xairy

Conferences

2019, OffensiveCon: Coverage-Guided USB Fuzzing with Syzkaller [slides] [video]

2017, PHDays: How to find 0days in the Linux kernel [slides]

2015, LinuxCon North America: KernelAddressSanitizer (KASan): a fast memory error detector for the Linux kernel [slides]

Exploit Writeups

CVE-2017-7308: Exploiting the Linux kernel via packet sockets [article]

CVE-2016-2384: Exploiting a double-free in the USB-MIDI Linux kernel driver [article]

GitHub

github.com/xairy/kernel-exploits (Proof-of-concept exploits for the Linux kernel)

github.com/xairy/linux-kernel-exploitation (A collection of links related to Linux kernel exploitation)

github.com/xairy/vmware-exploitation (A collection of links related to VMware escape exploits)

github.com/xairy/easy-linux-pwn (A set of Linux binary exploitation tasks for beginners on various architectures)

github.com/xairy/unlockdown (Disabling kernel lockdown on Ubuntu without physical access)

Kernel

Linux kernel commits list

Hardware Village

2019, PHDays: Introduction to USB Hacking [slides] [video]

2019, PHDays: Introduction to PCI Express and DMA attacks [slides] [video]

2018, PHDays: Introduction to USB hacking [slides]

2018, Chaos Constructions: Introduction to USB hacking [slides]

2017, Chaos Constructions: Linux USB fuzzing [slides]

2017, ZeroNights: Fuzzing the Linux kernel [slides]

Various

2018, DC4822: Syzkaller: coverage-guided fuzzer for the Linux kernel [slides]

2015: KernelThreadSanitizer (KTSAN): a data race detector for the Linux kernel [slides]

2014: Automatic detection of race conditions in the Linux kernel [slides] [rus]

2013: AddressSanitizer for Linux Kernel [slides]

Thesis

2016: Automatic detection of race conditions in the Linux kernel [slides] [paper] [rus]

2014: Automatic detection of dynamic memory errors in the Linux kernel [slides] [paper] [rus]

Teaching

2014-2016, MIPT CTF: A small course on CTF (wargames) for beginners [course] [rus]