djrbliss, Dan Rosenberg

IRL Name: 
Dan Rosenberg
Biography: 

Dan Rosenberg is a security researcher known for his kernel exploits. Together with Jon Oberheide, he demonstrated an exploit technique dubbed Stackjacking against a customized Linux kernel hardened with the grsecurity patchset. The attack was questionable since they used a modified kernel rather than a standard Grsecurity-hardened kernel with a previously known exploit. He is also the author of FuzzDiff, a tool that helps make crash analysis during file format fuzzing easier.

Facts

Credited for the following: Linux kernel CAP_SYS_ADMIN to root, CVE-2011-2707, CVE-2011-2210, CVE-2011-1770, Linux kernel DEC Alpha privilege escalation (CVE-2011-2211), and many more (http://vulnfactory.org/vulns/)

He developed libplayground, a simple framework to test attacks (ranging from an arbitrary heap overflow to an off-by-one NULL byte) against the Linux kernel's SLOB allocator

By the time they tried to milk their stackjacking talk at Infiltrate, spender and Team PaX had already killed their technique

Rumors

Could not get Stackjacking to work against a real-life Grsecurity-hardened kernel, so introduced their own bug to fool the masses
