Kernel crash logs from an in-the-wild Android exploit represent a rare window into real-world attacker techniques - but without a corresponding exploit sample, deriving insight from these limited artifacts is a substantial technical challenge. In this presentation, I’ll bring you along on a journey from kernel crash log analysis, to classical vulnerability research, to an ITW bug report, as we push our analysis abilities to the limit and beyond. I’ll finish with a brief discussion on what we can infer about the exploit strategy from the kernel logs.
Seth is a security researcher at Google Project Zero. He primarily focuses on Linux kernel and Android zero-day research but has dabbled in a variety of architectures, operating systems, and software. He particularly enjoys innovating novel strategies for exploit development.