| author | Andrey Konovalov | 2017-11-01 17:32:11 +0100 |
|---|---|---|
| committer | GitHub | 2017-11-01 17:32:11 +0100 |
| commit | abb2d9cd45c9adea0cda030481ddb616a23a270a (patch) | |
| tree | bf80f2bbd64c425d98b0179187eca233be1e7db4 | |
| parent | 26e5e53d6c45edbe8cfefc51dc668af5e76f16f4 (diff) | |
Update README.md
| -rw-r--r-- | README.md | 26 |
1 files changed, 26 insertions, 0 deletions
| @@ -12,6 +12,8 @@ Pull requests are welcome. | |||
| 12 | 12 | ||
| 13 | ## Exploitation techniques | 13 | ## Exploitation techniques |
| 14 | 14 | ||
| 15 | [2017: "Kernel Driver mmap Handler Exploitation" by Mateusz Fruba](https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-mmap-exploitation-whitepaper-2017-09-18.pdf) [whitepaper] | ||
| 16 | |||
| 15 | [2017: "Linux kernel addr_limit bug / exploitation" by Vitaly Nikolenko](https://www.youtube.com/watch?v=UFakJa3t8Ls) [video] | 17 | [2017: "Linux kernel addr_limit bug / exploitation" by Vitaly Nikolenko](https://www.youtube.com/watch?v=UFakJa3t8Ls) [video] |
| 16 | 18 | ||
| 17 | [2017: "The Stack Clash" by Qualys Research Team](https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt) [article] | 19 | [2017: "The Stack Clash" by Qualys Research Team](https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt) [article] |
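Review bot: the commit message "Update README.md" gives no indication of what this hunk (or the five that follow) adds; a message naming the additions, e.g. "Add mmap handler whitepaper, BlueBorne, KSPP and USENIX 2017 papers", would make the history searchable. The new line 15 itself follows the file's existing `[year: "title" by author](url) [type]` pattern, so no change is needed to the entry.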
| @@ -94,8 +96,12 @@ Pull requests are welcome. | |||
| 94 | 96 | ||
| 95 | ### LPE | 97 | ### LPE |
| 96 | 98 | ||
| 99 | [2017: "Exploiting on CVE-2016-6787"](https://hardenedlinux.github.io/system-security/2017/10/16/Exploiting-on-CVE-2016-6787.html) [article, CVE-2016-6787] | ||
| 100 | |||
| 97 | [2017: "Race For Root: The Analysis Of The Linux Kernel Race Condition Exploit" by Alexander Popov](https://www.youtube.com/watch?v=g7Qm0NpPAz4) [video, CVE-2017-2636] | 101 | [2017: "Race For Root: The Analysis Of The Linux Kernel Race Condition Exploit" by Alexander Popov](https://www.youtube.com/watch?v=g7Qm0NpPAz4) [video, CVE-2017-2636] |
| 98 | 102 | ||
| 103 | [2017: "Race For Root: The Analysis Of The Linux Kernel Race Condition Exploit" by Alexander Popov](https://program.sha2017.org/system/event_attachments/attachments/000/000/111/original/a13xp0p0v_race_for_root_SHA2017.pdf) [slides, CVE-2017-2636] | ||
| 104 | |||
| 99 | [2017: "Dirty COW and why lying is bad even if you are the Linux kernel"](https://chao-tic.github.io/blog/2017/05/24/dirty-cow) [article, CVE-2016-5195] | 105 | [2017: "Dirty COW and why lying is bad even if you are the Linux kernel"](https://chao-tic.github.io/blog/2017/05/24/dirty-cow) [article, CVE-2016-5195] |
| 100 | 106 | ||
| 101 | [2017: "NDAY-2017-0103: Arbitrary kernel write in sys_oabi_epoll_wait" by Zuk Avraham](https://blog.zimperium.com/nday-2017-0103-arbitrary-kernel-write-in-sys_oabi_epoll_wait/) [article, CVE-2016-3857] | 107 | [2017: "NDAY-2017-0103: Arbitrary kernel write in sys_oabi_epoll_wait" by Zuk Avraham](https://blog.zimperium.com/nday-2017-0103-arbitrary-kernel-write-in-sys_oabi_epoll_wait/) [article, CVE-2016-3857] |
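Review bot: the new "Exploiting on CVE-2016-6787" entry (line 99) lacks the `by <author>` attribution that the neighbouring Popov and Avraham entries carry; if the hardenedlinux post names its author, add it so the section stays consistent. The two "Race For Root" entries (lines 101 and 103) share a title and differ only in the `[video]` and `[slides]` tags, which is the convention used elsewhere in this file, so keeping them adjacent is fine.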
| @@ -217,6 +223,8 @@ Pull requests are welcome. | |||
| 217 | 223 | ||
| 218 | ### RCE | 224 | ### RCE |
| 219 | 225 | ||
| 226 | [2017: "BlueBorn: The dangers of Bluetooth implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth stacks"](http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf?t=1505222709963) [whitepaper, CVE-2017-1000251] | ||
| 227 | |||
| 220 | [2016: "CVE Publication: CVE 2016-8633" by Eyal Itkin](https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/) [article, CVE-2016-8633] | 228 | [2016: "CVE Publication: CVE 2016-8633" by Eyal Itkin](https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/) [article, CVE-2016-8633] |
| 221 | 229 | ||
| 222 | [2011, DEF CON 19: "Owned Over Amateur Radio: Remote Kernel Exploitation in 2011"](http://cs.dartmouth.edu/~sergey/cs258/2012/Dan-Rosenberg-lecture.pdf) [slides, CVE-2011-1493] | 230 | [2011, DEF CON 19: "Owned Over Amateur Radio: Remote Kernel Exploitation in 2011"](http://cs.dartmouth.edu/~sergey/cs258/2012/Dan-Rosenberg-lecture.pdf) [slides, CVE-2011-1493] |
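Review bot: the title on line 226 reads "BlueBorn" while the linked file is `BlueBorne%20Technical%20White%20Paper.pdf`; the URL spelling is the correct one, so fix the title. The trailing `?t=1505222709963` query string looks like a cache-busting or tracking parameter and can be dropped from the link. The title also speaks of "vulnerabilities" in the plural while the tag lists only CVE-2017-1000251; if the whitepaper enumerates further identifiers, list them in the tag the way the other multi-issue entries do, or leave the tag as the kernel-relevant one and say so.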
| @@ -261,6 +269,10 @@ Pull requests are welcome. | |||
| 261 | 269 | ||
| 262 | ## Defensive | 270 | ## Defensive |
| 263 | 271 | ||
| 272 | [2017: "Proposal of a Method to Prevent Privilege Escalation Attacks for Linux Kernel"](https://events.linuxfoundation.org/sites/events/files/slides/nakamura_20170831_1.pdf) [slides] | ||
| 273 | |||
| 274 | [2017: "Linux Kernel Self Protection Project" by Kees Cook](https://outflux.net/slides/2017/lss/kspp.pdf) [slides] | ||
| 275 | |||
| 264 | [2017: "PT-Rand: Practical Mitigation of Data-only Attacks against Page Tables"](https://www.internetsociety.org/sites/default/files/ndss2017_05B-4_Davi_paper.pdf) [whitepaper] | 276 | [2017: "PT-Rand: Practical Mitigation of Data-only Attacks against Page Tables"](https://www.internetsociety.org/sites/default/files/ndss2017_05B-4_Davi_paper.pdf) [whitepaper] |
| 265 | 277 | ||
| 266 | [2017: "KASLR is Dead: Long Live KASLR"](https://gruss.cc/files/kaiser.pdf) [whitepaper] | 278 | [2017: "KASLR is Dead: Long Live KASLR"](https://gruss.cc/files/kaiser.pdf) [whitepaper] |
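Review bot: the "Proposal of a Method to Prevent Privilege Escalation Attacks for Linux Kernel" entry (line 272) has no `by ...` attribution even though the slide filename (`nakamura_20170831_1.pdf`) suggests the author is identifiable; add the name in the same form as the Kees Cook entry on line 274. Both new entries are tagged `[slides]`, matching the tag vocabulary used in the rest of the section.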
| @@ -284,6 +296,12 @@ Pull requests are welcome. | |||
| 284 | 296 | ||
| 285 | ## Fuzzing & detectors | 297 | ## Fuzzing & detectors |
| 286 | 298 | ||
| 299 | [2017, USENIX: "kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels"](https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-schumilo.pdf) [whitepaper] | ||
| 300 | |||
| 301 | [2017, USENIX: "How Double-Fetch Situations turn into DoubleFetch Vulnerabilities: A Study of Double Fetches in the Linux Kernel"](https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-wang.pdf) [whitepaper] | ||
| 302 | |||
| 303 | [2017, USENIX: "DR. CHECKER: A Soundy Analysis for Linux Kernel Drivers"](https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-machiry.pdf) [whitepaper] | ||
| 304 | |||
| 287 | [2016, Linux Plumbers: "Syzkaller, Future Developement" by Dmitry Vyukov](https://docs.google.com/presentation/d/1iAuTvzt_xvDzS2misXwlYko_VDvpvCmDevMOq2rXIcA/edit#slide=id.p) [slides] | 305 | [2016, Linux Plumbers: "Syzkaller, Future Developement" by Dmitry Vyukov](https://docs.google.com/presentation/d/1iAuTvzt_xvDzS2misXwlYko_VDvpvCmDevMOq2rXIcA/edit#slide=id.p) [slides] |
| 288 | 306 | ||
| 289 | [2016: "Coverage-guided kernel fuzzing with syzkaller"](https://lwn.net/Articles/677764/) [article] | 307 | [2016: "Coverage-guided kernel fuzzing with syzkaller"](https://lwn.net/Articles/677764/) [article] |
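Review bot: the title on line 301 is inconsistent with itself, "Double-Fetch Situations" versus "DoubleFetch Vulnerabilities"; use the hyphenated form in both places. While touching this section, the context line 305 still carries the misspelling "Developement" ("Development"), which could be corrected in the same commit.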
| @@ -344,6 +362,14 @@ https://github.com/SecWiki/linux-kernel-exploits | |||
| 344 | 362 | ||
| 345 | https://grsecurity.net/~spender/exploits/ | 363 | https://grsecurity.net/~spender/exploits/ |
| 346 | 364 | ||
| 365 | https://github.com/jiayy/android_vuln_poc-exp | ||
| 366 | |||
| 367 | https://github.com/marsyy/littl_tools/tree/master/bluetooth | ||
| 368 | |||
| 369 | https://github.com/nongiach/CVE/tree/master/CVE-2017-5123 | ||
| 370 | |||
| 371 | http://seclists.org/fulldisclosure/2010/Sep/268 | ||
| 372 | |||
| 347 | 373 | ||
| 348 | ## Practice | 374 | ## Practice |
| 349 | 375 | ||
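Review bot: two consecutive blank lines now precede "## Practice" (the added blank line 372 followed by the existing blank line 373); drop one so the spacing matches the rest of the file. The four new links on lines 365-371 are bare URLs, consistent with the rest of this section, but the seclists.org entry (line 371) is a single 2010 full-disclosure post rather than a repository, so a short note of what it contains would help readers; the CVE-2017-5123 link is the only one whose subject is evident from its path.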
