Update README.md

1 files changed, 20 insertions, 0 deletions

diff --git a/README.md b/README.md
index 4e4132d..aae68e2 100644
--- a/README.md
+++ b/README.md
@@ -80,6 +80,8 @@ Pull requests are welcome.
 
 [2012: "The Linux kernel memory allocators from an exploitation perspective" by Patroklos Argyroudis](https://argp.github.io/2012/01/03/linux-kernel-heap-exploitation/) [article]
 
+[2012: "Stackjacking" by Jon Oberheide and Dan Rosenberg](https://www.slideshare.net/scovetta/stackjacking) [slides]
+
 [2011: "Stackjacking Your Way to grsec/PaX Bypass" by Jon Oberheide](https://jon.oberheide.org/blog/2011/04/20/stackjacking-your-way-to-grsec-pax-bypass/) [article]
 
 [2010: "Much ado about NULL: Exploiting a kernel NULL dereference"](https://blogs.oracle.com/ksplice/entry/much_ado_about_null_exploiting1) [article]
@@ -128,6 +130,12 @@ Pull requests are welcome.
 
 ### LPE
 
+[2019: "Android Binder: The Bridge To Root" by Hongli Han and Mingjian Zhou](https://conference.hitb.org/hitbsecconf2019ams/materials/D2T2%20-%20Binder%20-%20The%20Bridge%20to%20Root%20-%20Hongli%20Han%20&%20Mingjian%20Zhou.pdf) [slides, CVE-2019-2025]
+
+[2019: "The ‘Waterdrop’ in Android: A Binder Kernel Vulnerability" by Hongli Han](http://blogs.360.cn/post/Binder_Kernel_Vul_EN.html) [article, CVE-2019-2025]
+
+[2019: "An Exercise in Practical Container Escapology" by Nick Freeman](https://capsule8.com/blog/practical-container-escape-exercise/) [article, CVE-2017-1000112]
+
 [2019: "Taking a page from the kernel's book: A TLB issue in mremap()" by Jann Horn](https://googleprojectzero.blogspot.com/2019/01/taking-page-from-kernels-book-tlb-issue.html) [article, CVE-2018-18281]
 
 [2018: "CVE-2017-11176: A step-by-step Linux Kernel exploitation](https://blog.lexfo.fr/) [article, CVE-2017-11176]
@@ -306,6 +314,8 @@ Pull requests are welcome.
 
 ### Other
 
+[2019: "Linux: virtual address 0 is mappable via privileged write() to /proc/\*/mem"](https://bugs.chromium.org/p/project-zero/issues/detail?id=1792&desc=2) [article, CVE-2019-9213]
+
 [2017: "initroot: Bypassing Nexus 6 Secure Boot through Kernel Command-line Injection"](https://alephsecurity.com/2017/05/23/nexus6-initroot/#anecdote-a-linux-kernel-out-of-bounds-write-cve-2017-1000363) [article, CVE-2017-1000363]
 
 [2016: "Motorola Android Bootloader Kernel Cmdline Injection Secure Boot Bypass"](https://alephsecurity.com/vulns/aleph-2017011) [article, CVE-2016-10277]
@@ -348,6 +358,8 @@ Pull requests are welcome.
 
 ## Defensive
 
+[2019: "Making C Less Dangerous in the Linux Kernel" by Kees Cook](https://outflux.net/slides/2019/lca/danger.pdf) [slides]
+
 [2019: "Mitigation for the Kernel Space Mirroring Attack (内核镜像攻击的缓解措施)"](http://c0reteam.org/2019/01/02/ksma) [article]
 
 [2018: "Android Kernel Control Flow Integrity Analysis (分析)"](http://c0reteam.org/2018/09/17/kcfi) [article]
@@ -409,6 +421,8 @@ Pull requests are welcome.
 
 ## Vulnerability discovery
 
+[2019: "Hourglass       Fuzz:   A       Quick   Bug     Hunting Method"](https://conference.hitb.org/hitbsecconf2019ams/materials/D1T2%20-%20Hourglass%20Fuzz%20-%20A%20Quick%20Bug%20Hunting%20Method%20-%20Moony%20Li,%20Todd%20Han,%20Lance%20Jiang%20&%20Lilang%20Wu.pdf) [slides]
+
 [2018: "RAZZER: Finding Kernel Race Bugs through Fuzzing"](https://lifeasageek.github.io/papers/jeong:razzer.pdf) [paper]
 
 [2018: "Writing the worlds worst Android fuzzer, and then improving it" by Brandon Falk](https://gamozolabs.github.io/fuzzing/2018/10/18/terrible_android_fuzzer.html) [article]
@@ -545,6 +559,8 @@ http://www.cs.columbia.edu/~vpk/research/ret2dir/
 
 https://github.com/w0lfzhang/kernel_exploit
 
+https://github.com/jinb-park/linux-exploit
+
 
 ## Practice
 
@@ -657,3 +673,7 @@ https://github.com/yrp604/atc-sources
 https://www.linuxkernelcves.com/
 
 https://github.com/jameshilliard/linux-grsec/
+
+https://github.com/a13xp0p0v/kernel-hack-drill
+
+https://github.com/vnik5287/kernel_rop