Introduction to Linux Kernel Security - pwn.college LLC Trainers - DCTLV2026
Name of Training: Introduction to Linux Kernel Security
Trainer(s): pwn.college LLC Trainers
Dates: August 10-11, 2026
Time: 8:00 am to 5:00 pm
Venue: Las Vegas Convention Center
Cost: $3,500
Short Summary:
A practical, intermediate course on Linux kernel security and exploitation fundamentals. Overwhelming majority of class time is hands-on in an interactive, browser-based environment (no local setup), building real skills that students can keep practicing after the training with continued platform access.
Course Description:
This course teaches the core techniques and workflows behind Linux kernel security and exploitation using a sequence of focused, applied labs. Students analyze common kernel interfaces (`procfs`, character devices, IOCTLs), recognize dangerous patterns (state machines, unchecked copies, function-pointer adjacency), and practice safe, repeatable methods to gain control and escalate privileges inside a controlled environment.
The pwn.college philosophy is simple: mastery comes from doing. We minimize lecture and maximize keyboard time. All labs run in a browser-based, self-contained environment with compilers, editors, and terminals—no local installs required—and access continues after class so students can revisit, review, and refine.
Course Outline:
# Day 1 — Foundations and Controlled Primitives
- **Kernel model & syscall path**
- Memory model and privilege rings at a conceptual level (userspace ↔ kernel transition, syscall path)
- **Environment & debugging workflow**
- Build/launch QEMU + BusyBox environment; attach gdb (remote :1234)
- Load kernel symbols or inspect `/proc/kallsyms`
- Stepping from user → kernel
- **Character devices & `procfs` basics (hands-on)**
- Device file interaction patterns
- Simple state machines
- `printk`/`dmesg` triage and safe observation
- **IOCTL interaction patterns (hands-on)**
- Command codes and argument structs
- `copy_from_user` / `copy_to_user` patterns and common pitfalls
- Handling of pointers passed via ioctl.
- **Privilege & kernel-API payloads**
- Conceptual representation of credentials
- Reasoning about `prepare_kernel_cred(0)` / `commit_creds(...)`
- Why `syscall` from kernel space crashes
- Calling kernel APIs (indirect absolute calls)
- Constructing payloads that return cleanly
# Day 2 — Memory Corruption and Advanced Workflows
- **Function-pointer overwrite **
- Adjacent-field overflows, callback clobbering, redirecting to in-kernel helpers, validating stability.
- **KASLR-aware reasoning & address discovery**
- Techniques for discovering/deriving useful addresses when symbols are randomized.
- **Seccomp escape workflow**
- How `TIF_SECCOMP` lives in `thread_info.flags`, `gs`-based access to `current`, and practical verification of expanded syscall capability.
- **Page-table walking to recover residual data**
- Inspecting page tables to locate and recover residual/"lost" secrets
- virtual→physical mapping concepts and safe inspection patterns
- **Userspace helper coordination & clean exits**
- Designing userspace helpers that interoperate with kernel code under constrained syscall allow-lists
- Ensuring payloads return cleanly so kernel stability is preserved.
Difficulty Level:
Intermediate - The student has education and some experience in the field and familiarity with the topic being presented. The student has foundational knowledge that the course will leverage to provide practical skills on the topic.
Suggested Prerequisites:
- Comfortable with Linux command line and basic systems programming
- Working knowledge of C, ability to follow simple x86-64 assembly (function calls, stack frames)
- Familiarity with gdb
What Students Should Bring:
- A laptop with a modern web browser (Chrome/Firefox/Safari/Edge)
- Reliable internet access (Wi-Fi or wired)
- That’s it—**no local setup required.**
What the Trainer Will Provide:
- **Browser-based training platform** with all labs, compilers, and tooling pre-installed
- Curated challenge set and stepwise hints (no solution dumps)
- Slides (PDF) and quick reference sheets
- Continued platform access **after the training** for further practice
Trainer(s) Bio:
pwn.college designs and delivers hands-on security education with an emphasis on measurable skill-building. The team builds challenge-driven curricula spanning kernel, binary exploitation, and program analysis, and has authored numerous training labs and CTF challenges used by practitioners and learners worldwide.
Zardus (Yan Shoshitaishvili, PhD) has been part of the DEF CON community since DEF CON 9 (2001) and part of the Shellphish CTF team since DEF CON 17 (2009). He ran DEF CON CTF for four years (2018-2021) with Order of the Overflow, and successfully captained Shellphish through the participation in the DARPA Cyber Grand Challenge, in which they won third place and a spot in history (but not in the Smithsonian). Now he is an Associate Professor of Computer Science at Arizona State University and co-founder of pwn.college, where he has taught tens of thousands of students how to hack.
kanak (Connor Nelson, PhD) is a DEF CON veteran and has been part of the DEF CON CTF community since 2015. He has been a member of the Shellphish CTF team since 2018, and has competed in numerous CTFs around the world. He is the chief architect and co-founder of pwn.college, where he has helped design and deliver education to tens of thousands of students. His research primarily focuses on the intersection between CTF and education, and he has published several papers on the topic.
adamd (Adam Doupé, PhD) is equal parts hacker and educator, seamlessly blending exploits and insights. With deep roots in DEF CON culture, he ran the renowned DEF CON CTF with Order of the Overflow from 2018 to 2021, after competing in several editions with Shellphish. As Director of Arizona State University's Center for Cybersecurity & Trusted Foundations (CTF), he unearths vulnerabilities—including multiple CVEs in Apple's core OS—and transforms complex security topics into digestible, engaging lessons. Winner of the NSF CAREER Award and the ASU Fulton Best Teacher Award, he brings an infectious enthusiasm to cybersecurity education that resonates with both seasoned hackers and new learners alike.
Proficiency Exam Option:
This course has the option for a proficiency certificate add-on. Students who complete 70% or more of the required challenges, including the final exam-specific challenge, will be eligible for a proficiency certificate.
Please reach out to training@defcon.org for any questions related to the proficiency exam and certificate option.
Registration Terms and Conditions:
Trainings are refundable before July 11, 2026, minus a non-refundable processing fee of $250.
Between July 11, 2026 and August 5, 2026 partial refunds will be granted, equal to 50% of the course fee minus a processing fee of $250.
All trainings are non-refundable after August 5, 2026.
Training tickets may be transferred to another student. Please email us at training@defcon.org for specifics.
If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).
Failure to attend the training without prior written notification will be considered a no-show. No refund will be given.
DEF CON Training may share student contact information, including names and emails, with the course instructor(s) to facilitate sharing of pre-work and course instructions. Instructors are required to safeguard this information and provide appropriate protection so that it is kept private. Instructors may not use student information outside the delivery of this course without the permission of the student.
By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.
Several breaks will be included throughout the day. Please note that food is not included.
All courses come with a certificate of completion, contingent upon attendance at all course sessions. Some courses offer an option to upgrade to a certificate of proficiency, which requires an additional purchase and sufficient performance on an end-of-course evaluation.
Training Justification Request – DEF CON Training
To: [Manager Name]
From: [Employee Name]
Date: [Date]
Subject: Business Justification for Attendance at DEF CON Training
Dear [manager’s name],
I am requesting approval to attend DEF CON Training, one of the cybersecurity industry's most recognized technical training programs. I’ve reviewed the options and selected a course to expand my skills with [1-2 key skills focus areas for the course].
DEF CON has been one of the world’s leading cybersecurity communities for more than three decades, known for convening industry, government, and independent experts to exchange advanced knowledge and practical skills. Building on this tradition, DEF CON Training delivers intensive courses taught by recognized global instructors. DEF CON Training courses offer hands-on instruction in a challenging, fast-paced environment. Many of the courses offered by DEF CON Training align with the National Institute of Standards and Technology (NIST) NICE Framework and Department of Defense Cyber Workforce Framework (DCWF), and attending this course will help me build and sharpen the skills required for my role.
Training: [Name of DEF CON Training Course]
Instructor/Provider: [Trainer Name(s)]
Dates: [Training Dates]
Location: Las Vegas, NV
Cost: [Course Fee]
Travel Expenses: [estimated travel & accommodations costs]
Course Description: [Copy short description of the selected class from the website here]
Trainer Bio: [Copy bio of the trainers of the selected class from the website here]
Once I’ve completed the course, I’ll be able to:
[copy student outcomes from course page where available or choose 3-4 skills or topic areas from the outline that are applicable to your current role, will help you fill a skill gap, etc.]
Business Need
As cyber threats continue to evolve, it is critical that our organization maintains current knowledge of emerging techniques and industry best practices. The selected DEF CON training aligns directly with my responsibilities in [your role/field here - for example, security operations, incident response, threat detection and hunting, application security, cloud security, risk management, security engineering].
The course will provide practical, hands-on experience that can be immediately applied to our environment and security initiatives. DEF CON training emphasizes real-world attack and defense scenarios, enabling participants to develop skills that extend beyond traditional classroom learning.
Request for Approval
I respectfully request approval and funding to attend DEF CON Training this August in Las Vegas. The knowledge, hands-on experience, and industry insights gained will directly support our cybersecurity objectives and contribute to strengthening our organization's security capabilities.
Thank you for your consideration. Please let me know if you have questions or need additional information to support this request.
Sincerely,
[Employee name]