Kernel Tales: Security Testing of aarch64 Android Kernels

Presented at BruCON 0x07 (2015), Oct. 8, 2015, 4:30 p.m. (120 minutes)

Kernel Tales explores a possible approach to security assessment of Android embedded systems, or mobile devices, with a specific focus on vulnerability research and fuzzing of aarch64 Kernels. Inspired by a real assessment experience, we analyze two different approaches to fuzzing. During the workshop, we introduce and use one of the most popular and valid fuzzer, tune and customize our toolset and finally test directly on the ARM64 emulator and a real development board (ODROID). Another important topic, briefly introduced, is kernel hacking; we load the kernel into Eclipse IDE and Understand to facilitate code reading and navigation. Then, we learn how cross compile for ARM and deploy the kernel to the emulator or by flashing it to the board.


  • Vito Rallo
    Vito works as Senior Manager (Security Consulting) for PwC. He spent the last 8 years in the security field as a Senior Managing Consultant and Leader for IBM in the Cyber Security Assessment and Response global team with focus on: infrastructure, Web and Mobile Security Assessment. By growing his knowledge across the years and facing real life exciting challenges, he became a recognized asset in Mobile Hacking. He has worked in IT for more than 17 years, started as a freelance consultant, developer, trainer, moved to Networking and finally landed into Security as a product specialist and evangelist for IPS before embracing the challenge of ethical hacking. Vito is university graduated with a Master Degree in Computer Science (MSc) followed by a private Master in Networking for Enterprises and Carries, former Certified IT Specialist, Cisco, GIAC/SANS, EC-Council/CEH certified. Twitter: @vitorallo Personal security blog: LinkedIn:


Similar Presentations: