ToorCamp 2022

Shiva -- Advancing the programmability and security of the Linux userland runtime.
2022-07-14, 13:00–13:50 (US/Pacific), Prime Dome

"Shiva": a modern look into advancing the state of Linux process runtime hardening against exploitation by introducing a modular programming environment for the design and implementation of new security technologies without the need for compile-time instrumentation. One example demonstrates a Shiva module which implements backward-edge control flow integrity to prevent stack corruption exploits. The technology is fast, dynamic, and offers developers the programmatic insight and control to build quality software security features.

In this talk we will be discussing a technology that I call Shiva. It is an
innovative approach to expanding the programmability and security of the Linux
userland runtime. Shiva is a sophisticated program that functions as a custom
"program interpreter" for loading and executing modules into the process
address space at runtime. Think "LKMs for userland".

This talk will focus primarily on the use of Shiva for the design and
integration of security modules which harden programs against exploitation at
runtime. We will explore the Shiva API, and demonstrate its capabilities with
several modules that mitigate exploitation attacks, and a module which
implements a process sandbox to harden against general attempts at privilege
escalation. Shiva allows the programmer to have full command over the process
address space, with a flexible and innovative API that allows developers to
rapidly design new security technologies and mitigation features without the
need for compile-time instrumentation.

Moreover, we will cover the fascinating internals of the Shiva runtime
environment, and see how it can also be used as a standalone tracing engine to
accomplish complex debugging and instrumentation tasks, such as function
tracing, software profiling, and reverse engineering hardened binaries.

I have been into the computer security scene since about 1998, and have since developed an interest in exploitation, reverse engineering, software development, system internals and beyond. A good chunk of my research can be found at, and -- I have published in Phrack magazine, vxheaven, POC||GTFO, and am currently working on a whitepaper with VirginiaTech University. I have a passion for hacking, and designing new security technologies, especially as they pertain to kernel internals, binary formats, and runtime instrumentation. Coding is the act of creation, and I love innovating.