| author | Andrey Konovalov | 2017-07-30 04:10:07 +0200 |
|---|---|---|
| committer | GitHub | 2017-07-30 04:10:07 +0200 |
| commit | 8955578bf27f193dcb50b4cbade1f85d53309ad3 (patch) | |
| tree | b1b235cdfd5d42d535dcc835f8b99c53e2f19ea1 /README.md | |
| parent | 11b6bd36dbad64470bfa89290ad161b6b6b9bad1 (diff) | |
Update README.md
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 25 |
1 files changed, 15 insertions, 10 deletions
| @@ -12,6 +12,10 @@ Pull requests are welcome. | |||
| 12 | 12 | ||
| 13 | ## Exploitation techniques | 13 | ## Exploitation techniques |
| 14 | 14 | ||
| 15 | [2017: "Linux kernel addr_limit bug / exploitation" by Vitaly Nikolenko](https://www.youtube.com/watch?v=UFakJa3t8Ls) [video] | ||
| 16 | |||
| 17 | [2017: "The Stack Clash" by Qualys Research Team](https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt) [article] | ||
| 18 | |||
| 15 | [2017: "New Reliable Android Kernel Root Exploitation Techniques"](http://powerofcommunity.net/poc2016/x82.pdf) [slides] | 19 | [2017: "New Reliable Android Kernel Root Exploitation Techniques"](http://powerofcommunity.net/poc2016/x82.pdf) [slides] |
| 16 | 20 | ||
| 17 | [2017: "Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying"](https://www.internetsociety.org/sites/default/files/ndss2017_09-2_Lu_paper.pdf) [whitepaper] | 21 | [2017: "Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying"](https://www.internetsociety.org/sites/default/files/ndss2017_09-2_Lu_paper.pdf) [whitepaper] |
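Review bot: the "Stack Clash" entry added at new line 17 is not a new reference but the same entry removed from the "## Userspace" section later in this patch, so this hunk is a relocation; the commit message "Update README.md" should say that the Userspace section was folded into "Exploitation techniques" so readers of the history can tell a move from an addition. The new addr_limit entry at line 15 follows the existing `[year: "title" by author](url) [type]` pattern and the 2017 entries stay grouped, so no change needed there.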
| @@ -75,6 +79,8 @@ Pull requests are welcome. | |||
| 75 | 79 | ||
| 76 | ### Information leak | 80 | ### Information leak |
| 77 | 81 | ||
| 82 | [2017: "Linux kernel 2.6.0 to 4.12-rc4 infoleak due to a data race in ALSA timer" by Alexander Potapenko](http://seclists.org/oss-sec/2017/q2/455) [announcement, CVE-2017-1000380] | ||
| 83 | |||
| 78 | [2017: "The Infoleak that (Mostly) Wasn't" by Brad Spengler](https://grsecurity.net/the_infoleak_that_mostly_wasnt.php) [article, CVE-2017-7616] | 84 | [2017: "The Infoleak that (Mostly) Wasn't" by Brad Spengler](https://grsecurity.net/the_infoleak_that_mostly_wasnt.php) [article, CVE-2017-7616] |
| 79 | 85 | ||
| 80 | [2016: "Exploiting a Linux Kernel Infoleak to bypass Linux kASLR"](https://marcograss.github.io/security/linux/2016/01/24/exploiting-infoleak-linux-kaslr-bypass.html) [article] | 86 | [2016: "Exploiting a Linux Kernel Infoleak to bypass Linux kASLR"](https://marcograss.github.io/security/linux/2016/01/24/exploiting-infoleak-linux-kaslr-bypass.html) [article] |
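Review bot: the new entry at line 82 introduces the tag "announcement", which does not appear on any other visible entry (the rest use article, video, slides or whitepaper); if that tag is not already used elsewhere in the README, consider reusing an existing type so the bracketed tags stay a small, predictable vocabulary. The CVE reference in the tag matches the title, which is consistent with the neighbouring CVE-2017-7616 entry.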
| @@ -176,6 +182,10 @@ Pull requests are welcome. | |||
| 176 | 182 | ||
| 177 | [2011, DEF CON 19: "Kernel Exploitation Via Uninitialized Stack" by Kees Cook](https://www.youtube.com/watch?v=jg-wnwnkbsy) [video, CVE-2010-2963] | 183 | [2011, DEF CON 19: "Kernel Exploitation Via Uninitialized Stack" by Kees Cook](https://www.youtube.com/watch?v=jg-wnwnkbsy) [video, CVE-2010-2963] |
| 178 | 184 | ||
| 185 | [2010: "CVE-2010-2963 v4l compat exploit" by Kees Cook](https://outflux.net/blog/archives/2010/10/19/cve-2010-2963-v4l-compat-exploit/) [article, CVE-2010-2963] | ||
| 186 | |||
| 187 | [2010: "Exploiting large memory management vulnerabilities in Xorg server running on Linux" by Rafal Wojtczuk](http://invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf) [article, CVE-2010-2240] | ||
| 188 | |||
| 179 | [2010: "Some Notes on CVE-2010-3081 Exploitability"](https://blog.nelhage.com/2010/11/exploiting-cve-2010-3081/) [article, CVE-2010-3081] | 189 | [2010: "Some Notes on CVE-2010-3081 Exploitability"](https://blog.nelhage.com/2010/11/exploiting-cve-2010-3081/) [article, CVE-2010-3081] |
| 180 | 190 | ||
| 181 | [2010: "CVE-2010-4258: Turning Denial-of-service Into Privilege Escalation" by Nelson Elhage](https://blog.nelhage.com/2010/12/cve-2010-4258-from-dos-to-privesc/) [article, CVE-2010-4258] | 191 | [2010: "CVE-2010-4258: Turning Denial-of-service Into Privilege Escalation" by Nelson Elhage](https://blog.nelhage.com/2010/12/cve-2010-4258-from-dos-to-privesc/) [article, CVE-2010-4258] |
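Review bot: the Xorg entry at new line 187 is the one dropped from "## Userspace" below, and this version also gains a "CVE-2010-2240" tag that the original entry lacked; that tag change is worth a mention in the commit message since it is a content correction, not just a move. The new line 185 entry and the preceding DEF CON 19 entry both carry CVE-2010-2963, which is fine, but keeping them adjacent (as done here) helps readers see they describe the same bug.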
| @@ -214,13 +224,6 @@ Pull requests are welcome. | |||
| 214 | [2009: "When a "potential D.o.S." means a one-shot remote kernel exploit: the SCTP story"](https://kernelbof.blogspot.de/2009/04/kernel-memory-corruptions-are-not-just.html) [article, CVE-2009-0065] | 224 | [2009: "When a "potential D.o.S." means a one-shot remote kernel exploit: the SCTP story"](https://kernelbof.blogspot.de/2009/04/kernel-memory-corruptions-are-not-just.html) [article, CVE-2009-0065] |
| 215 | 225 | ||
| 216 | 226 | ||
| 217 | ## Userspace | ||
| 218 | |||
| 219 | [2017: "The Stack Clash" by Qualys Research Team](https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt) [article] | ||
| 220 | |||
| 221 | [2010: "Exploiting large memory management vulnerabilities in Xorg server running on Linux" by Rafal Wojtczuk](http://invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf) [article] | ||
| 222 | |||
| 223 | |||
| 224 | ## Protection bypass techniques | 227 | ## Protection bypass techniques |
| 225 | 228 | ||
| 226 | [2016: "Linux Kernel x86-64 bypass SMEP - KASLR - kptr_restric"](http://blackbunny.io/linux-kernel-x86-64-bypass-smep-kaslr-kptr_restric/) [article] | 229 | [2016: "Linux Kernel x86-64 bypass SMEP - KASLR - kptr_restric"](http://blackbunny.io/linux-kernel-x86-64-bypass-smep-kaslr-kptr_restric/) [article] |
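Review bot: this hunk deletes the whole "## Userspace" heading along with its two entries without any note of where they went; both entries are re-added under kernel-oriented sections earlier in this patch (lines 17 and 187), so the heading's distinction between kernel and userspace material is lost. Either state the rationale in the commit message or keep a one-line pointer so a reader browsing the old section headings is not left guessing. The resulting two blank lines before "## Protection bypass techniques" match the spacing used before other H2 headings in the visible context.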
| @@ -291,7 +294,9 @@ Pull requests are welcome. | |||
| 291 | 294 | ||
| 292 | [2015, DEF CON 23: "Introduction to USB and Fuzzing" by Matt DuHarte](https://www.youtube.com/watch?v=KWOTXypBt4E) [video] | 295 | [2015, DEF CON 23: "Introduction to USB and Fuzzing" by Matt DuHarte](https://www.youtube.com/watch?v=KWOTXypBt4E) [video] |
| 293 | 296 | ||
| 294 | [2015, Black Hat: "Don't Trust Your USB! How to Find Bugs in USB Device Drivers" by Sergej Schumilo, Ralf Spenneberg, and Hendrik Schwartke](https://www.youtube.com/watch?v=OAbzN8k6Am4)[video] | 297 | [2015, Black Hat: "Don't Trust Your USB! How to Find Bugs in USB Device Drivers" by Sergej Schumilo, Ralf Spenneberg, and Hendrik Schwartke](https://www.youtube.com/watch?v=OAbzN8k6Am4) [video] |
| 298 | |||
| 299 | [2010: "Automatic Bug-finding Techniques for Linux Kernel" by Jiri Slaby](https://www.fi.muni.cz/~xslaby/sklad/teze.pdf) [whitepaper] | ||
| 295 | 300 | ||
| 296 | 301 | ||
| 297 | ## Fuzzers | 302 | ## Fuzzers |
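Review bot: the missing space before "[video]" on line 294 is fixed correctly at line 297. For the new entry at line 299, the URL points at a personal university directory (`~xslaby/sklad/teze.pdf`), which tends to be less stable than the publisher or conference links used elsewhere in this list; consider recording an archived copy or the canonical publication location alongside it.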
| @@ -331,12 +336,12 @@ https://github.com/f47h3r/hackingteam_exploits | |||
| 331 | 336 | ||
| 332 | https://github.com/xairy/kernel-exploits | 337 | https://github.com/xairy/kernel-exploits |
| 333 | 338 | ||
| 334 | https://github.com/ScottyBauer/Android_Kernel_CVE_POCs | ||
| 335 | |||
| 336 | https://github.com/Kabot/Unix-Privilege-Escalation-Exploits-Pack | 339 | https://github.com/Kabot/Unix-Privilege-Escalation-Exploits-Pack |
| 337 | 340 | ||
| 338 | https://github.com/SecWiki/linux-kernel-exploits | 341 | https://github.com/SecWiki/linux-kernel-exploits |
| 339 | 342 | ||
| 343 | https://grsecurity.net/~spender/exploits/ | ||
| 344 | |||
| 340 | 345 | ||
| 341 | ## Practice | 346 | ## Practice |
| 342 | 347 | ||
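Review bot: line 334 removes the `ScottyBauer/Android_Kernel_CVE_POCs` link with no reason given, and the commit message "Update README.md" does not cover it; a removal from a reference list should say whether the repository is gone, superseded or considered out of scope, otherwise it reads as accidental. The added `grsecurity.net/~spender/exploits/` entry at line 343 is a plain directory listing rather than a repository like its neighbours, which is fine for this "links" block but worth knowing if the section is ever given a stricter format.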
