Update README.md

1 files changed, 42 insertions, 0 deletions

diff --git a/README.md b/README.md
index bfcd25e..ac20e7b 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,10 @@ Pull requests are welcome.
 
 ## Exploitation techniques
 
+[2020: "Linux Kernel Stack Smashing" by Silvio Cesare](https://blog.infosectcbr.com.au/2020/02/linux-kernel-stack-smashing.html?m=1) [article]
+
+[2020: "Structures that can be used in kernel exploits"](https://ptr-yudai.hatenablog.com/entry/2020/03/16/165628) [article]
+
 [2019, Black Hat Europe: "Hands Off and Putting SLAB/SLUB Feng Shui in Blackbox" by Yueqi (Lewis) Chen](https://i.blackhat.com/eu-19/Wednesday/eu-19-Chen-Hands-Off-And-Putting-SLAB-SLUB-Feng-Shui-In-A-Blackbox.pdf) [slides] [[code](https://www.dropbox.com/sh/2kwcwqb8rjro80j/AAC8QBCIhcCylNUDLUd1OZCZa?dl=0)]
 
 [2019: "SLAKE: Facilitating Slab Manipulation for Exploiting Vulnerabilities in the Linux Kernel" by Yueqi (Lewis) Chen and Xinyu Xing](http://personal.psu.edu/yxc431/publications/SLAKE_Slides.pdf) [slides] [[paper](http://personal.psu.edu/yxc431/publications/SLAKE.pdf)]
@@ -151,6 +155,10 @@ Pull requests are welcome.
 
 ### LPE
 
+[2020: "Mitigations are attack surface, too" by Jann Horn](https://googleprojectzero.blogspot.com/2020/02/mitigations-are-attack-surface-too.html) [article]
+
+[2020: "CVE-2019-18683: Exploiting a Linux kernel vulnerability in the V4L2 subsystem" by Alexander Popov](https://a13xp0p0v.github.io/2020/02/15/CVE-2019-18683.html) [article, CVE-2019-18683] [[slides](https://a13xp0p0v.github.io/img/CVE-2019-18683.pdf)]
+
 [2019: "Bad Binder: Android In-The-Wild Exploit" by Maddie Stone](https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html) [article, CVE-2019-2215]
 
 [2019: "Analyzing Android's CVE-2019-2215 (/dev/binder UAF)"](https://dayzerosec.com/posts/analyzing-androids-cve-2019-2215-dev-binder-uaf/) [article, CVE-2019-2215]
@@ -177,6 +185,14 @@ Pull requests are welcome.
 
 [2019: "CVE-2018-18281 - Analysis of TLB Vulnerabilities in Linux Kernel"](https://xz.aliyun.com/t/4005) [article]
 
+[2019: "Analysis of Linux xfrm Module Cross-Border Read-Write Escalation Vulnerability (CVE-2017-7184)"](http://p4nda.top/2019/02/16/CVE-2017-7184/) [article, CVE-2017-7184]
+
+[2019: "Analysis of Escalation Vulnerability Caused by Integer Extension of Linux ebpf Module (CVE-2017-16995)"](http://p4nda.top/2019/01/18/CVE-2017-16995/) [article, CVE-2017-16995]
+
+[2019: "Linux kernel 4.20 BPF integer overflow vulnerability analysis"](http://p4nda.top/2019/01/02/kernel-bpf-overflow/) [article]
+
+[2018: "Linux kernel 4.20 BPF integer overflow-heap overflow vulnerability and its exploitation"](https://www.anquanke.com/post/id/166819) [article]
+
 [2018: "CVE-2017-11176: A step-by-step Linux Kernel exploitation](https://blog.lexfo.fr/) [article, CVE-2017-11176]
 
 [2018: "A cache invalidation bug in Linux memory management" by Jann Horn](https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html) [article, CVE-2018-17182]
@@ -359,6 +375,10 @@ Pull requests are welcome.
 
 ### Other
 
+[2020: "BINDER - ANALYSIS AND EXPLOITATION OF CVE-2020-0041" by Jean-Baptiste Cayrou](https://www.synacktiv.com/posts/exploit/binder-analysis-and-exploitation-of-cve-2020-0041.html) [article, CVE-2020-0041] [[slides](https://www.synacktiv.com/ressources/thcon2020_binder.pdf])]
+
+[2020: "The never ending problems of local ASLR holes in Linux"](https://blog.blazeinfosec.com/the-never-ending-problems-of-local-aslr-holes-in-linux/) [article, CVE-2019-11190]
+
 [2019: "Reverse-engineering Broadcom wireless chipsets" by Hugues Anguelkov](https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html) [article, CVE-2019-9503, CVE-2019-9500]
 
 [2019: "CVE-2019-2000 - Android kernel binder vulnerability analysis"](https://xz.aliyun.com/t/4494) [article, CVE-2019-2000]
@@ -367,6 +387,8 @@ Pull requests are welcome.
 
 [2019: "CVE-2019-9213 - Analysis of Linux Kernel User Space 0 Virtual Address Mapping Vulnerability"](https://cert.360.cn/report/detail?id=58e8387ec4c79693354d4797871536ea) [article, CVE-2019-9213]
 
+[2018: "IOMMU-resistant DMA attacks" by Gil Kupfer](http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/2018/MSC/MSC-2018-21.pdf) [thesis]
+
 [2017: "initroot: Bypassing Nexus 6 Secure Boot through Kernel Command-line Injection"](https://alephsecurity.com/2017/05/23/nexus6-initroot/#anecdote-a-linux-kernel-out-of-bounds-write-cve-2017-1000363) [article, CVE-2017-1000363]
 
 [2016: "Motorola Android Bootloader Kernel Cmdline Injection Secure Boot Bypass"](https://alephsecurity.com/vulns/aleph-2017011) [article, CVE-2016-10277]
@@ -376,10 +398,14 @@ Pull requests are welcome.
 
 ## Protection bypass techniques
 
+[2020: "Weaknesses in Linux Kernel Heap Hardening" by Silvio Cesare](https://blog.infosectcbr.com.au/2020/03/weaknesses-in-linux-kernel-heap.html) [article]
+
 [2020: "PAN: Another day, another broken mitigation" by Siguza](https://siguza.github.io/PAN/) [article]
 
 [2019, POC: "KNOX Kernel Mitigation Bypasses" by Dong-Hoon You](http://powerofcommunity.net/poc2019/x82.pdf) [slides]
 
+[2017: "Lifting the (Hyper) Visor: Bypassing Samsung’s Real-Time Kernel Protection" by Gal Beniamini](https://googleprojectzero.blogspot.com/2017/02/lifting-hyper-visor-bypassing-samsungs.html) [article]
+
 [2016: "Linux Kernel x86-64 bypass SMEP - KASLR - kptr_restric"](https://web.archive.org/web/20171029060939/http://www.blackbunny.io/linux-kernel-x86-64-bypass-smep-kaslr-kptr_restric/) [article]
 
 [2016, KIWICON: "Practical SMEP bypass techniques on Linux" by Vitaly Nikolenko](https://cyseclabs.com/slides/smep_bypass.pdf) [slides]
@@ -415,6 +441,8 @@ Pull requests are welcome.
 
 [2020, linux.conf.au: "Control Flow Integrity in the Linux Kernel" by Kees Cook](https://outflux.net/slides/2020/lca/cfi.pdf) [slides] [[video](https://www.youtube.com/watch?v=0Bj6W7qrOOI)]
 
+[2019: "Camouflage: Hardware-assisted CFI for the ARM Linux kernel"](https://arxiv.org/pdf/1912.04145v1.pdf) [paper]
+
 [2019, Linux Security Summit EU: "A New Proposal for Protecting Kernel Data Memory" by Igor Stoppa](https://www.youtube.com/watch?v=nPH2sQAD6RY) [video]
 
 [2019: "security things in Linux vX.X" by Kees Cook](https://outflux.net/blog/archives/2019/11/14/security-things-in-linux-v5-3/) [articles]
@@ -492,6 +520,12 @@ Pull requests are welcome.
 
 ## Vulnerability discovery
 
+[2020: "HFL: Hybrid Fuzzing on the Linux Kernel"](https://www.ndss-symposium.org/wp-content/uploads/2020/02/24018.pdf) [paper]
+
+[2020: "KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities"](https://www.usenix.org/system/files/sec20summer_chen-weiteng_prepub.pdf) [paper]
+
+[2020: "Analyzing the Linux Kernel in Userland with AFL and KLEE"](https://blog.grimm-co.com/post/analyzing-the-linux-kernel-in-userland-with-afl-and-klee/) [article]
+
 [2019: "Effective Static Analysis of Concurrency Use-After-Free Bugs in Linux Device Drivers"](https://hal.inria.fr/hal-02182516/document) [paper]
 
 [2019: "A gentle introduction to Linux Kernel fuzzing" by 
@@ -665,6 +699,10 @@ https://github.com/kangtastic/cve-2019-2215
 
 https://github.com/QuestEscape/exploit
 
+https://github.com/duasynt/xfrm_poc
+
+https://github.com/saelo/cve-2014-0038
+
 
 ## Tools
 
@@ -760,6 +798,10 @@ HITCON CTF Quals 2019 (PoE): [source and exploit](https://github.com/david942j/c
 
 r2con CTF 2019: [source, exploit and writeup](https://github.com/esanfelix/r2con2019-ctf-kernel)
 
+De1CTF 2019 (Race): [writeup and exploit](https://github.com/De1ta-team/De1CTF2019/tree/master/writeup/pwn/Race)
+
+zer0pts CTF 2020 (meow): [writeup](https://pr0cf5.github.io/ctf/2020/03/09/the-plight-of-tty-in-the-linux-kernel.html)
+
 
 ## Misc