March/April updates

author: Andrey Konovalov 2022-05-04 17:33:06 +0200
committer: Andrey Konovalov 2022-05-04 17:37:43 +0200
commit: 654cfca12473b3c04f287e8647b324b2a284452e (patch)
tree: 5dc4a38ea170e4d3c3636e0eecbb0f7d53e4277b /README.md
parent: 27da652a14c56bd3ded9a60f0786463e9fea5c0c (diff)
1 files changed, 40 insertions, 0 deletions
diff --git a/README.md b/README.md
index dcc3ee4..370fe12 100644
--- a/README.md
+++ b/README.md
@@ -47,6 +47,10 @@ Subscribe to @linkersec on [Telegram](https://t.me/linkersec), [Twitter](https:/
 ### Exploitation
+[2022: "Racing against the clock -- hitting a tiny kernel race window" by Jann Horn](https://googleprojectzero.blogspot.com/2022/03/racing-against-clock-hitting-tiny.html) [article]
+[2022: "Playing for K(H)eaps: Understanding and Improving Linux Kernel Exploit Reliability"](https://www.usenix.org/system/files/sec22fall_zeng.pdf) [paper]
 [2022: "Learning Linux kernel exploitation - Part 1 - Laying the groundwork"](https://0x434b.dev/dabbling-with-linux-kernel-exploitation-ctf-challenges-to-learn-the-ropes/) [article]
 [2021: "ExpRace: Exploiting Kernel Races through Raising Interrupts" at USENIX](https://www.usenix.org/system/files/sec21-lee-yoochan.pdf) [paper] [[slides](https://www.usenix.org/system/files/sec21_slides_lee_yoochan.pdf)] [[video](https://www.youtube.com/watch?v=CIHRw5YPr9o)]
@@ -275,6 +279,12 @@ Subscribe to @linkersec on [Telegram](https://t.me/linkersec), [Twitter](https:/
 ### LPE
+[2022: "How The Tables Have Turned: An analysis of two new Linux vulnerabilities in nf_tables" by David Bouman](https://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016/) [CVE-2022-1015] [CVE-2022-1016]
+[2022: "The Discovery and Exploitation of CVE-2022-25636" by Nick Gregory](https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/) [article] [CVE-2022-25636]
+[2022: "CVE-2022-27666: Exploit esp6 modules in Linux kernel" by ETenal](https://etenal.me/archives/1825) [article] [CVE-2022-27666]
 [2022: "Put an io_uring on it: Exploiting the Linux Kernel" by Valentina Palmiotti](https://www.graplsecurity.com/post/iou-ring-exploiting-the-linux-kernel) [article] [CVE-2021-41073]
 [2022: "The Dirty Pipe Vulnerability" by Max Kellermann](https://dirtypipe.cm4all.com/) [article] [CVE-2022-0847]
@@ -590,6 +600,8 @@ Subscribe to @linkersec on [Telegram](https://t.me/linkersec), [Twitter](https:/
 ### RCE
+[2022: "Writing a Linux Kernel Remote in 2022" by Samuel Page](https://blog.immunityinc.com/p/writing-a-linux-kernel-remote-in-2022/) [article] [CVE-2022-0435]
 [2022: "Zenith: Pwn2Own TP-Link AC1750 Smart Wi-Fi Router Remote Code Execution Vulnerability" by Axel Souchet](https://github.com/0vercl0k/zenith) [article] [CVE-2022-24354]
 [2021: "BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution" by Andy Nguyen](https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup): [BadChoice](https://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq), [BadKarma](https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq), [BadVibes](https://github.com/google/security-research/security/advisories/GHSA-ccx2-w2r4-x649) [article] [CVE-2020-12352, CVE-2020-12351, CVE-2020-24490]
@@ -654,6 +666,18 @@ Subscribe to @linkersec on [Telegram](https://t.me/linkersec), [Twitter](https:/
 ## Finding Bugs
+[2022: "Looking for Remote Code Execution bugs in the Linux kernel" by Andrey Konovalov](https://xairy.io/articles/syzkaller-external-network) [article]
+[2022: "Demystifying the Dependency Challenge in Kernel Fuzzing"](https://github.com/ZHYfeng/Dependency/blob/master/Paper.pdf) [paper]
+[2022: "Progressive Scrutiny: Incremental Detection of UBI bugs in the Linux Kernel"](https://www.ndss-symposium.org/wp-content/uploads/2022-380-paper.pdf) [paper]
+[2022: "Syzkaller diving 01: Learn basic KCOV and how fuzzer adopts it" by f0rm2l1n](https://f0rm2l1n.github.io/2021-02-02-syzkaller-diving-01/) [article]
+[2022: "Syzkaller diving 02: How syzkaller describe syscalls" by f0rm2l1n](https://f0rm2l1n.github.io/2021-02-04-syzkaller-diving-02/) [article]
+[2022: "Syzkaller diving 03: What is the remote KCOV?" by f0rm2l1n](https://f0rm2l1n.github.io/2021-02-10-syzkaller-diving-03/) [article]
 [2022: "Case Studies of Fuzzing with Xen" by Tamas K Lengyel at OffensiveCon](https://www.slideshare.net/tklengyel/offensivecon2022-case-studies-of-fuzzing-with-xen) [slides]
 [2021: "Rtkaller: State-aware Task Generation for RTOS Fuzzing"](http://www.wingtecher.com/themes/WingTecherResearch/assets/papers/emsoft21.pdf) [paper]
@@ -843,6 +867,12 @@ Subscribe to @linkersec on [Telegram](https://t.me/linkersec), [Twitter](https:/
 ["Linux Kernel Defence Map" by Alexander Popov](https://github.com/a13xp0p0v/linux-kernel-defence-map)
+[2022: "Compilers: The Old New Security Frontier" by Brad Spengler](https://grsecurity.net/Compilers_The_Old_New_Security_Frontier_BlueHat_IL_2022.pdf) [slides]
+[2022: "In-Kernel Control-Flow Integrity on Commodity OSes using ARM Pointer Authentication"](https://www.usenix.org/system/files/sec22fall_yoo.pdf) [paper]
+[2022: "Preventing Kernel Hacks with HAKC"](https://nebelwelt.net/files/22NDSS2.pdf) [paper]
 [2022: "Mitigating Processor Vulnerabilities by Restructuring the Kernel Address Space" by Sebastian Eydam](https://fosdem.org/2022/schedule/event/seydam/attachments/slides/4837/export/events/attachments/seydam/slides/4837/fosdem_pres_seydam.pdf) [slides]
 [2022: "Meaningful Bounds Checking in the Linux Kernel" by Kees Cook at Linux Conf AU](https://outflux.net/slides/2022/lca/) [slides] [[video](https://www.youtube.com/watch?v=17Nqwl30Ch0)]
@@ -1060,8 +1090,12 @@ https://haxx.in/files/dirtypipez.c
 https://github.com/Arinerron/CVE-2022-0847-DirtyPipe-Exploit
+https://github.com/polygraphene/DirtyPipe-Android
 https://github.com/Bonfee/CVE-2022-25636
+https://github.com/Bonfee/CVE-2022-0995
 ## Tools
@@ -1146,6 +1180,8 @@ https://github.com/Kyle-Kyle/pwning-toolset/blob/main/linux-kernel/fgkaslr_gadge
 https://github.com/vusec/kasper
+https://github.com/martinradev/gdb-pt-dump
 ## Practice
@@ -1166,6 +1202,8 @@ https://github.com/vusec/kasper
 [github.com/AravGarg/kernel-hacking/ctf-challs](https://github.com/AravGarg/kernel-hacking/tree/master/ctf-challs)
+zer0pts CTF 2022 (kRCE): [writeup](https://www.willsroot.io/2022/03/zer0pts-ctf-2022-krce-writeup.html)
 VULNCON CTF 2021 (IPS): [writeup](https://kileak.github.io/ctf/2021/vulncon-ips/), [writeup 2](https://blog.kylebot.net/2022/01/10/VULNCON-2021-IPS/)
 N1 CTF 2021 (baby-guess): [source](https://github.com/sajjadium/ctf-archives/tree/main/N1CTF/2021/pwn/baby_guess), [writeup](https://kileak.github.io/ctf/2021/n1ctf21-babyguess/)
@@ -1347,3 +1385,5 @@ https://github.com/bata24/gef
 https://github.com/PaoloMonti42/salt
 https://github.com/davidmalcolm/antipatterns.ko
+https://kernel.dance/
author	Andrey Konovalov	2022-05-04 17:33:06 +0200
committer	Andrey Konovalov	2022-05-04 17:37:43 +0200
commit	654cfca12473b3c04f287e8647b324b2a284452e (patch)
tree	5dc4a38ea170e4d3c3636e0eecbb0f7d53e4277b /README.md
parent	27da652a14c56bd3ded9a60f0786463e9fea5c0c (diff)