Update README.md

1 files changed, 7 insertions, 2 deletions

diff --git a/README.md b/README.md
index de21821..5cc916f 100644
--- a/README.md
+++ b/README.md
@@ -53,8 +53,6 @@ Pull requests are welcome.
 
 [2010, SOURCE Boston: "Linux Kernel Exploitation: Earning Its Pwnie a Vuln at a Time" by Jon Oberheide](https://jon.oberheide.org/files/source10-linuxkernel-jonoberheide.pdf) [slides]
 
-[2010: "Exploiting large memory management vulnerabilities in Xorg server running on Linux" by Rafal Wojtczuk](http://invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf) [article]
-
 [2009, CanSecWest: "There's a party at ring0, and you're invited" by Tavis Ormandy and Julien Tinnes](https://www.cr0.org/paper/to-jt-party-at-ring0.pdf) [slides]
 
 [2007: "Kernel-mode exploits primer" by Sylvester Keil and Clemens Kolbitsch](http://old.iseclab.org/projects/vifuzz/docs/exploit.pdf) [whitepaper]
@@ -211,6 +209,13 @@ Pull requests are welcome.
 [2009: "When a "potential D.o.S." means a one-shot remote kernel exploit: the SCTP story"](https://kernelbof.blogspot.de/2009/04/kernel-memory-corruptions-are-not-just.html) [article, CVE-2009-0065]
 
 
+## Userspace
+
+[2017: "The Stack Clash" by Qualys Research Team](https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt) [article]
+
+[2010: "Exploiting large memory management vulnerabilities in Xorg server running on Linux" by Rafal Wojtczuk](http://invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf) [article]
+
+
 ## Protection bypass techniques
 
 [2016: "Linux Kernel x86-64 bypass SMEP - KASLR - kptr_restric"](http://blackbunny.io/linux-kernel-x86-64-bypass-smep-kaslr-kptr_restric/) [article]