Monday, March 17, 2025
HomeCyber SecurityTrick & Deal with! πŸŽƒ Paying Leets and Sweets for Linux Kernel...
Cyber Security

Trick & Deal with! πŸŽƒ Paying Leets and Sweets for Linux Kernel privescs and k8s escapes

Yalini
By Yalini
0
256
Trick & Deal with! πŸŽƒ Paying Leets and Sweets for Linux Kernel privescs and k8s escapes

[ad_1]

We’re consistently investing within the safety of the Linux Kernel as a result of a lot of the web, and Googleβ€”from the units in our pockets, to the companies operating on Kubernetes within the cloudβ€”rely upon the safety of it. We analysis its vulnerabilities and assaults, in addition to research and develop its defenses.

However we all know that there’s extra work to do. That’s why now we have determined to construct on high of our kCTF VRP from final yr and triple our earlier reward quantities (for at the very least the following 3 months).

Our base rewards for every publicly patched vulnerability is 31,337 USD (at most one exploit per vulnerability), however the reward can go as much as 50,337 USD in two circumstances:

  • If the vulnerability was in any other case unpatched within the Kernel (0day)
  • If the exploit makes use of a brand new assault or method, as decided by Google

We hope the brand new rewards will encourage the safety group to discover new Kernel exploitation strategies to attain privilege escalation and drive faster fixes for these vulnerabilities. It is very important observe, that the simplest exploitation primitives aren’t out there in our lab setting as a result of hardening carried out on Container-Optimized OS. Notice this program enhances Android’s VRP rewards, so exploits that work on Android may be eligible for as much as 250,000 USD (that is along with this program).

The mechanics are:

  1. Connect with the kCTF VRP cluster, acquire root and browse the flag (learn this writeup for the way it was carried out earlier than, and this risk mannequin for inspiration), after which submit your flag and a checksum of your exploit on this type.
  2. (If relevant) report vulnerabilities to upstream.
  • We strongly advocate together with a patch since that would qualify for an further reward from our Patch Reward Program, however please report vulnerabilities upstream promptly when you verify they’re exploitable.
  • Report your discovering to Google VRP as soon as all patches are publicly out there (we do not need to obtain particulars of unpatched vulnerabilities forward of the general public.)
    • Present the exploit code and the algorithm used to calculate the hash checksum.
    • A tough description of the exploit technique is welcome.

    Experiences shall be triaged on a weekly foundation. If anybody has issues with the lab setting (if it is unavailable, technical points or different questions), contact us on Discord in #kctf. You’ll be able to learn extra particulars about this system right here. Blissful searching!

    [ad_2]

    Previous article
    Finest DJI GO 4 app alternate options to fly DJI Mavic drones
    Next article
    Construct your future-ready hybrid office with a VDI answer from HPE, Wipro and Citrix
    Yalini
    Yalinihttps://kopivy.com
    RELATED ARTICLES

    LEAVE A REPLY

    Please enter your comment!
    Please enter your name here

    Most Popular

    Load more

    Recent Comments

    ABOUT US

    kopivy is your news, Technology , Software Development, Artificial Intelligence, SEO website. We provide you with the latest breaking news and videos straight from the Tech industry.

    POPULAR POSTS

    POPULAR CATEGORY

    Copyright Β© 2021 kopivy.com All rights reserved