About the Speaker
< Talk Abstract />
The presentation will explore a Use-After-Free vulnerability and novel RCU techniques found in the Netfilter module of kernel 5.10.102.2-microsoft-standard and prior versions of 6.9, which Azure Cloud Shell runs on. Upon successful exploitation of kernel vulnerabilities, an attacker can gain elevated privileges in their own Cloud Shell environment, potentially leading to container escape within the user’s session and elevated access to the user’s cloud resources. Azure Cloud Shell runs on a non-shared kernel using an isolated hypervisor VM. Due to the single-tenant hypervisor security boundary, accessing the host within the container VM does not lead to cross-tenant access, but grants access within the user's session.
The talk covers technical aspects of the vulnerability's root cause, including exploitation techniques to gain elevated privileges in the user’s own Cloud Shell environment. The session will examine the broader implications of such vulnerabilities and their mitigations in multi-tenant cloud infrastructures. Finally, a demo will be shown as a proof of concept.
This vulnerability was disclosed responsibly to Microsoft and has been mitigated. This talk emphasizes the importance of securing kernel modules and demonstrates how proactive research can uncover and address critical risks in widely used cloud platforms. Attendees will gain valuable insights into cloud security, kernel exploitation, and the significance of vulnerability research.
< Speaker Bio />
Vamsi Krishna's Bio
Alla Vamsi Krishna is a research associate at IISc and a machine learning enthusiast.
Abhishek's Bio
I am Kandi Abhishek Reddy, a graduate of Amrita Vishwa Vidyapeetham, Bangalore, with a specialization in Computer Science and Electronics Engineering. Currently, I work as a security researcher with Team bi0s, India's top-ranked Capture the Flag (CTF) team and cybersecurity research community, as well as a full-time software engineer at NOKIA as a subcontractor.
I have a strong focus on and interest in binary exploitation and digital forensics, and I have many accomplishments through hands-on experience in CTF competitions, where I have achieved significant milestones. Additionally, I have successfully identified and reported vulnerabilities to Microsoft, contributing to real-world security improvements.
Passionate about continuous learning, I am always seeking new challenges and opportunities to grow in the rapidly evolving fields of cybersecurity and technology.