Linux OS Exploits Competency (Intermediate Level)

  • 18m
  • 18 questions
The Linux OS Exploits Competency benchmark measures whether a learner has had some exposure in generic Linux operating system distributions, practices, and principles, and some working experience and exposure to common OS exploits and techniques. A learner who scores high on this benchmark demonstrates competency in some areas of Linux exploits analysis and tooling.

Topics covered

  • apply flags to the gcc compiler to catch string weaknesses by converting warnings into errors
  • describe a program's structure in memory in terms of address space layout
  • describe architectural considerations based on the targeted platform
  • describe how data and functionality are protected by separating computing resources
  • describe how strings are exploited in computer programs
  • describe how strings executed dynamically can lead to vulnerabilities
  • describe methods and goals for allocating memory
  • describe safeguards and considerations when running insecure programs in virtual environments
  • describe the GNU C Library (glibc) and how it integrates with the Linux kernel
  • describe the main components of the Linux system call table
  • discuss how data and functionality are protected within the Linux operating system by kernel and userland separation
  • establish an approach to using virtual environments to stage exploits
  • illustrate the weaknesses caused by string formatting methods
  • investigate what it means to overflow the heap
  • perform a string buffer overflow in a C program
  • recognize and avoid stack buffer overflows
  • recognize and correct weaknesses introduced by poorly implemented string copies
  • recognize escape vulnerabilities from virtual machines to hosts