Description
This intermediate-level course covers the internals of the Linux kernel and kernel module development with an emphasis on security. It covers internal algorithms, data structures, programming interfaces, relevant parts of the latest Linux kernel source code and real-world use cases from an offensive and defensive security perspective.
Attendees learn about the internal operations of the Linux kernel, kernel development toolchain, kernel module development, kernel execution contexts, process and kernel virtual address space, user-kernel interfaces, virtual file system interface, kernel synchronization mechanisms and kernel debugging.
In the hands-on labs attendees use built-in tools to peek into the kernel and use kernel programming interfaces to implement various functionality as loadable kernel modules (LKMs). Attendees build, deploy, test and debug these LKMs on the latest 64-bit Linux kernel.
This security-focused course does NOT cover aspects of the Linux kernel that are related to hardware driver development.
Duration
5 days
Target audience
This intermediate course is designed for security researchers, malware/rootkit analysts, red-teamers and blue-teamers, and digital forensic analysts working with modern Linux systems.
Learning goals
Upon completion of this course, students should be able to:
- Describe the different components of the Linux kernel.
- Develop, build, test and debug Linux kernel modules.
- Implement offensive and defensive security related functionality in kernel modules.
- Identify the appropriate kernel programming interfaces to perform development tasks.
- Retrieve security information from the kernel using various commands.
- Examine crash dumps and identify the cause of the crash in kernel modules.
- Build the foundation to attend the Linux Kernel Attack and Defense (LKAD) course.
Prerequisites
To get the full benefit from this developer-oriented training course, attendees must be:
- Proficient in C programming language.
- Comfortable with Linux command line tools.
- Familiar with Linux development tools such as gcc and make.
- Equipped with a working knowledge of pointers, structures, arrays, linked lists, etc.
Technology requirements
- Virtualization-capable host system running Linux or Windows.
- Visual Studio Code or any other code editor.
- VMware Workstation 17.x.
- Students will be provided with a pre-configured Linux VM.
- All other software and tools are provided on the first day of class.
Topics
- Foundations
- Development Environment
- Module Development
- Execution
- Process Memory Management
- User Kernel Interfaces
- Driver Interfaces
- Kernel Memory Management
- Synchronization
- Debugging