SKILL BENCHMARK
Linux OS Exploits Competency (Intermediate Level)
- 18m
- 18 questions
The Linux OS Exploits Competency benchmark measures whether a learner has had some exposure in generic Linux operating system distributions, practices, and principles, and some working experience and exposure to common OS exploits and techniques. A learner who scores high on this benchmark demonstrates competency in some areas of Linux exploits analysis and tooling.
Topics covered
- apply flags to the gcc compiler to catch string weaknesses by converting warnings into errors
- describe a program's structure in memory in terms of address space layout
- describe architectural considerations based on the targeted platform
- describe how data and functionality are protected by separating computing resources
- describe how strings are exploited in computer programs
- describe how strings executed dynamically can lead to vulnerabilities
- describe methods and goals for allocating memory
- describe safeguards and considerations when running insecure programs in virtual environments
- describe the GNU C Library (glibc) and how it integrates with the Linux kernel
- describe the main components of the Linux system call table
- discuss how data and functionality are protected within the Linux operating system by kernel and userland separation
- establish an approach to using virtual environments to stage exploits
- illustrate the weaknesses caused by string formatting methods
- investigate what it means to overflow the heap
- perform a string buffer overflow in a C program
- recognize and avoid stack buffer overflows
- recognize and correct weaknesses introduced by poorly implemented string copies
- recognize escape vulnerabilities from virtual machines to hosts
