Update README.md

1 files changed, 72 insertions, 34 deletions

diff --git a/README.md b/README.md
index ff926ba..111a091 100644
--- a/README.md
+++ b/README.md
@@ -9,7 +9,11 @@ Pull requests are welcome.
 
 2012: "A Guide to Kernel Exploitation: Attacking the Core" by Enrico Perla and Massimiliano Oldani
 
-## Exploitation techniques
+## Workshops
+
+[2020: "Android Kernel Exploitation" by Ashfaq Ansari](https://github.com/cloudfuzz/android-kernel-exploitation) [workshop]
+
+## Exploitation Techniques
 
 [2020: "Linux Kernel Stack Smashing" by Silvio Cesare](https://blog.infosectcbr.com.au/2020/02/linux-kernel-stack-smashing.html?m=1) [article]
 
@@ -25,7 +29,7 @@ Pull requests are welcome.
 
 [2019: "Leak kernel pointer by exploiting uninitialized uses in Linux kernel" by Jinbum Park](https://jinb-park.github.io/leak-kptr.html) [slides]
 
-[2018: "FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities"](http://personal.psu.edu/yxc431/publications/FUZE_Slides.pdf) [slides] [[whitepaper](http://personal.psu.edu/yxc431/publications/FUZE.pdf)]
+[2018: "FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities"](http://personal.psu.edu/yxc431/publications/FUZE_Slides.pdf) [slides] [[paper](http://personal.psu.edu/yxc431/publications/FUZE.pdf)]
 
 [2018: "Linux Kernel universal heap spray" by Vitaly Nikolenko](https://cyseclabs.com/blog/linux-kernel-heap-spray) [article]
 
@@ -47,9 +51,9 @@ Pull requests are welcome.
 
 [2017: "Escalating Privileges in Linux using Fault Injection" by Niek Timmers and Cristofaro Mune](https://www.riscure.com/uploads/2017/10/escalating-privileges-in-linux-using-fi-presentation-fdtc-2017.pdf) [slides]
 
-[2017: "Escalating Privileges in Linux using Fault Injection" by Niek Timmers and Cristofaro Mune](https://www.riscure.com/uploads/2017/10/Riscure_Whitepaper_Escalating_Privileges_in_Linux_using_Fault_Injection.pdf) [whitepaper]
+[2017: "Escalating Privileges in Linux using Fault Injection" by Niek Timmers and Cristofaro Mune](https://www.riscure.com/uploads/2017/10/Riscure_Whitepaper_Escalating_Privileges_in_Linux_using_Fault_Injection.pdf) [paper]
 
-[2017: "Kernel Driver mmap Handler Exploitation" by Mateusz Fruba](https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-mmap-exploitation-whitepaper-2017-09-18.pdf) [whitepaper]
+[2017: "Kernel Driver mmap Handler Exploitation" by Mateusz Fruba](https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-mmap-exploitation-whitepaper-2017-09-18.pdf) [paper]
 
 [2017: "Linux kernel addr_limit bug / exploitation" by Vitaly Nikolenko](https://www.youtube.com/watch?v=UFakJa3t8Ls) [video]
 
@@ -57,7 +61,7 @@ Pull requests are welcome.
 
 [2017: "New Reliable Android Kernel Root Exploitation Techniques"](http://powerofcommunity.net/poc2016/x82.pdf) [slides]
 
-[2017: "Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying"](https://www-users.cs.umn.edu/~kjlu/papers/tss.pdf) [whitepaper]
+[2017: "Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying"](https://www-users.cs.umn.edu/~kjlu/papers/tss.pdf) [paper]
 
 [2017: "Breaking KASLR with perf" by Lizzie Dixon](https://blog.lizzie.io/kaslr-and-perf.html) [article]
 
@@ -77,11 +81,11 @@ Pull requests are welcome.
 
 [2016, MOSEC 2016: "Talk is cheap, show me the code" by Keen Lab](https://speakerdeck.com/retme7/talk-is-cheap-show-me-the-code) [slides]
 
-[2016, Black Hat: "Randomization Can't Stop BPF JIT Spray" by Elena Reshetova](https://www.blackhat.com/docs/eu-16/materials/eu-16-Reshetova-Randomization-Can't-Stop-BPF-JIT-Spray.pdf) [slides] [[video](https://www.youtube.com/watch?v=_F7iQQ1Um2M)] [[whitepaper](https://www.blackhat.com/docs/eu-16/materials/eu-16-Reshetova-Randomization-Can't-Stop-BPF-JIT-Spray-wp.pdf)]
+[2016, Black Hat: "Randomization Can't Stop BPF JIT Spray" by Elena Reshetova](https://www.blackhat.com/docs/eu-16/materials/eu-16-Reshetova-Randomization-Can't-Stop-BPF-JIT-Spray.pdf) [slides] [[video](https://www.youtube.com/watch?v=_F7iQQ1Um2M)] [[paper](https://www.blackhat.com/docs/eu-16/materials/eu-16-Reshetova-Randomization-Can't-Stop-BPF-JIT-Spray-wp.pdf)]
 
-[2015: "Kernel Data Attack is a Realistic Security Threat"](https://www.eecis.udel.edu/~hnw/paper/kerneldata.pdf) [whitepaper]
+[2015: "Kernel Data Attack is a Realistic Security Threat"](https://www.eecis.udel.edu/~hnw/paper/kerneldata.pdf) [paper]
 
-[2015: "From Collision To Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel"](http://repository.root-me.org/Exploitation%20-%20Syst%C3%A8me/Unix/EN%20-%20From%20collision%20to%20exploitation%3A%20Unleashing%20Use-After-Free%20vulnerabilities%20in%20Linux%20Kernel.pdf) [whitepaper]
+[2015: "From Collision To Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel"](http://repository.root-me.org/Exploitation%20-%20Syst%C3%A8me/Unix/EN%20-%20From%20collision%20to%20exploitation%3A%20Unleashing%20Use-After-Free%20vulnerabilities%20in%20Linux%20Kernel.pdf) [paper]
 
 [2015: "Linux Kernel Exploitation" by Patrick Biernat](http://security.cs.rpi.edu/courses/binexp-spring2015/lectures/23/13_lecture.pdf) [slides]
 
@@ -93,7 +97,7 @@ Pull requests are welcome.
 
 [2012: "Understanding Linux Kernel Vulnerabilities" by Richard Carback](https://www.csee.umbc.edu/courses/undergraduate/421/Spring12/02/slides/ULKV.pdf) [slides]
 
-[2012: "A Heap of Trouble: Breaking the Linux Kernel SLOB Allocator" by Dan Rosenberg](https://www.vsecurity.com//download/papers/slob-exploitation.pdf) [whitepaper]
+[2012: "A Heap of Trouble: Breaking the Linux Kernel SLOB Allocator" by Dan Rosenberg](https://www.vsecurity.com//download/papers/slob-exploitation.pdf) [paper]
 
 [2012: "Attacking hardened Linux systems with kernel JIT spraying" by Keegan McAllister](https://mainisusuallyafunction.blogspot.ru/2012/11/attacking-hardened-linux-systems-with.html) [article]
 
@@ -113,7 +117,7 @@ Pull requests are welcome.
 
 [2009, CanSecWest: "There's a party at ring0, and you're invited" by Tavis Ormandy and Julien Tinnes](https://www.cr0.org/paper/to-jt-party-at-ring0.pdf) [slides]
 
-[2007: "Kernel-mode exploits primer" by Sylvester Keil and Clemens Kolbitsch](http://old.iseclab.org/projects/vifuzz/docs/exploit.pdf) [whitepaper]
+[2007: "Kernel-mode exploits primer" by Sylvester Keil and Clemens Kolbitsch](http://old.iseclab.org/projects/vifuzz/docs/exploit.pdf) [paper]
 
 [2007, Phrack: "Attacking the Core : Kernel Exploiting Notes"](http://phrack.org/archives/issues/64/6.txt) [article]
 
@@ -128,7 +132,7 @@ Pull requests are welcome.
 
 ## Vulnerabilities
 
-### Information leak
+### Information Leak
 
 [2019: "CVE-2018-3639 / CVE-2019-7308—Analysis of Spectre Attacking Linux Kernel ebpf"](https://xz.aliyun.com/t/4230) [article, CVE-2018-3639, CVE-2019-7308]
 
@@ -155,10 +159,22 @@ Pull requests are welcome.
 
 ### LPE
 
+[2020: "Binder - Analysis and exploitation of CVE-2020-0041" by Jean-Baptiste Cayrou](https://www.synacktiv.com/posts/exploit/binder-analysis-and-exploitation-of-cve-2020-0041.html) [article, CVE-2020-0041]
+
+[2020, THCON: "Binder IPC and its vulnerabilities" by Jean-Baptiste Cayrou](https://www.synacktiv.com/ressources/thcon2020_binder.pdf) [slides, CVE-2019-2215, CVE-2019-2025, CVE-2019-2181, CVE-2019-2214, CVE-2020-0041]
+
+[2020: "Exploiting CVE-2020-0041 - Part 2: Escalating to root" by Eloi Sanfelix and Jordan Gruskovnjak](https://labs.bluefrostsecurity.de/blog/2020/04/08/cve-2020-0041-part-2-escalating-to-root/) [article, CVE-2020-0041]
+
+[2020, OffensiveCon: "A bug collision tale" by Eloi Sanfelix](https://labs.bluefrostsecurity.de/files/OffensiveCon2020_bug_collision_tale.pdf) [slides, CVE-2019-2025] [[video](https://www.youtube.com/watch?v=WOdRkZwGYDQ)]
+
+[2020: "CVE-2020-8835: Linux Kernel Privilege Escalation via Improper eBPF Program Verification" by Manfred Paul](https://www.zerodayinitiative.com/blog/2020/4/8/cve-2020-8835-linux-kernel-privilege-escalation-via-improper-ebpf-program-verification) [article, CVE-2020-8835]
+
 [2020: "Mitigations are attack surface, too" by Jann Horn](https://googleprojectzero.blogspot.com/2020/02/mitigations-are-attack-surface-too.html) [article]
 
 [2020: "CVE-2019-18683: Exploiting a Linux kernel vulnerability in the V4L2 subsystem" by Alexander Popov](https://a13xp0p0v.github.io/2020/02/15/CVE-2019-18683.html) [article, CVE-2019-18683] [[slides](https://a13xp0p0v.github.io/img/CVE-2019-18683.pdf)]
 
+[2020: "Multiple Kernel Vulnerabilities Affecting All Qualcomm Devices" by Tamir Zahavi-Brunner](https://blog.zimperium.com/multiple-kernel-vulnerabilities-affecting-all-qualcomm-devices/) [article, CVE-2019-14040, CVE-2019-14041]
+
 [2019: "Bad Binder: Android In-The-Wild Exploit" by Maddie Stone](https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html) [article, CVE-2019-2215]
 
 [2019: "Analyzing Android's CVE-2019-2215 (/dev/binder UAF)"](https://dayzerosec.com/posts/analyzing-androids-cve-2019-2215-dev-binder-uaf/) [article, CVE-2019-2215]
@@ -375,7 +391,7 @@ Pull requests are welcome.
 
 ### Other
 
-[2020: "BINDER - ANALYSIS AND EXPLOITATION OF CVE-2020-0041" by Jean-Baptiste Cayrou](https://www.synacktiv.com/posts/exploit/binder-analysis-and-exploitation-of-cve-2020-0041.html) [article, CVE-2020-0041] [[slides](https://www.synacktiv.com/ressources/thcon2020_binder.pdf])]
+[2020: "Curiosity around 'exec_id' and some problems associated with it" by Adam Zabrocki](https://www.openwall.com/lists/kernel-hardening/2020/03/25/1) [article]
 
 [2020: "The never ending problems of local ASLR holes in Linux"](https://blog.blazeinfosec.com/the-never-ending-problems-of-local-aslr-holes-in-linux/) [article, CVE-2019-11190]
 
@@ -396,10 +412,12 @@ Pull requests are welcome.
 [2015: "Vulnerability in the Linux Crypto API that allows unprivileged users to load arbitrary kernel modules" by Mathias Krause](https://plus.google.com/+MathiasKrause/posts/PqFCo4bfrWu) [annnouncement]
 
 
-## Protection bypass techniques
+## Protection Bypass Techniques
 
 [2020: "Weaknesses in Linux Kernel Heap Hardening" by Silvio Cesare](https://blog.infosectcbr.com.au/2020/03/weaknesses-in-linux-kernel-heap.html) [article]
 
+[2020: "An Analysis of Linux Kernel Heap Hardening" by Silvio Cesare](https://blog.infosectcbr.com.au/2020/04/an-analysis-of-linux-kernel-heap.html) [article]
+
 [2020: "PAN: Another day, another broken mitigation" by Siguza](https://siguza.github.io/PAN/) [article]
 
 [2019, POC: "KNOX Kernel Mitigation Bypasses" by Dong-Hoon You](http://powerofcommunity.net/poc2019/x82.pdf) [slides]
@@ -426,7 +444,7 @@ Pull requests are welcome.
 
 [2015: "Effectively bypassing kptr_restrict on Android" by Gal Beniamini](https://bits-please.blogspot.de/2015/08/effectively-bypassing-kptrrestrict-on.html) [article]
 
-[2014, Black Hat Europe: "ret2dir: Deconstructing Kernel Isolation" by Vasileios P. Kemerlis, Michalis Polychronakis, Angelos D. Keromytis](https://www.blackhat.com/docs/eu-14/materials/eu-14-Kemerlis-Ret2dir-Deconstructing-Kernel-Isolation-wp.pdf) [whitepaper]
+[2014, Black Hat Europe: "ret2dir: Deconstructing Kernel Isolation" by Vasileios P. Kemerlis, Michalis Polychronakis, Angelos D. Keromytis](https://www.blackhat.com/docs/eu-14/materials/eu-14-Kemerlis-Ret2dir-Deconstructing-Kernel-Isolation-wp.pdf) [paper]
 
 [2014, Black Hat Europe: "ret2dir: Deconstructing Kernel Isolation" by Vasileios Kemerlis](https://www.youtube.com/watch?v=kot-EQ9zf9k) [video]
 
@@ -483,15 +501,15 @@ Pull requests are welcome.
 
 [2017, HitB: "Shadow-Box: The Practical and Omnipotent Sandbox" by Seunghun Han](http://conference.hitb.org/hitbsecconf2017ams/materials/D1T2%20-%20Seunghun%20Han%20-%20Shadow-Box%20-%20The%20Practical%20and%20Omnipotent%20Sandbox.pdf) [slides]
 
-[2017: "Towards Linux Kernel Memory Safety"](https://arxiv.org/pdf/1710.06175.pdf) [whitepaper]
+[2017: "Towards Linux Kernel Memory Safety"](https://arxiv.org/pdf/1710.06175.pdf) [paper]
 
 [2017: "Proposal of a Method to Prevent Privilege Escalation Attacks for Linux Kernel"](https://events.linuxfoundation.org/sites/events/files/slides/nakamura_20170831_1.pdf) [slides]
 
 [2017: "Linux Kernel Self Protection Project" by Kees Cook](https://outflux.net/slides/2017/lss/kspp.pdf) [slides]
 
-[2017: "PT-Rand: Practical Mitigation of Data-only Attacks against Page Tables"](https://www.internetsociety.org/sites/default/files/ndss2017_05B-4_Davi_paper.pdf) [whitepaper]
+[2017: "PT-Rand: Practical Mitigation of Data-only Attacks against Page Tables"](https://www.internetsociety.org/sites/default/files/ndss2017_05B-4_Davi_paper.pdf) [paper]
 
-[2017: "KASLR is Dead: Long Live KASLR"](https://gruss.cc/files/kaiser.pdf) [whitepaper]
+[2017: "KASLR is Dead: Long Live KASLR"](https://gruss.cc/files/kaiser.pdf) [paper]
 
 [2017: "Honey, I shrunk the attack surface – Adventures in Android security hardening" by Nick Kralevich](https://www.youtube.com/watch?v=ITL6VHOFQj8) [video]
 
@@ -505,9 +523,9 @@ Pull requests are welcome.
 
 [2015: "RAP: RIP ROP"](https://pax.grsecurity.net/docs/PaXTeam-H2HC15-RAP-RIP-ROP.pdf) [slides]
 
-[2015: "Protecting Commodity Operating Systems through Strong Kernel Isolation" by Vasileios Kemerlis](http://www.cs.columbia.edu/~angelos/Papers/theses/vpk_thesis.pdf) [whitepaper]
+[2015: "Protecting Commodity Operating Systems through Strong Kernel Isolation" by Vasileios Kemerlis](http://www.cs.columbia.edu/~angelos/Papers/theses/vpk_thesis.pdf) [paper]
 
-[2014: "Kernel Self-Protection through Quantified Attack Surface Reduction" by Anil Kurmus](https://publikationsserver.tu-braunschweig.de/servlets/MCRFileNodeServlet/digibib_derivate_00036154/Diss_Kurmus_Anil.pdf) [whitepaper]
+[2014: "Kernel Self-Protection through Quantified Attack Surface Reduction" by Anil Kurmus](https://publikationsserver.tu-braunschweig.de/servlets/MCRFileNodeServlet/digibib_derivate_00036154/Diss_Kurmus_Anil.pdf) [paper]
 
 [2013: "KASLR: An Exercise in Cargo Cult Security" by Brad Spengler](https://forums.grsecurity.net/viewtopic.php?f=7&t=3367) [article]
 
@@ -518,7 +536,15 @@ Pull requests are welcome.
 [2009, Phrack: "Linux Kernel Heap Tampering Detection" by Larry Highsmith](http://phrack.org/archives/issues/66/15.txt) [article]
 
 
-## Vulnerability discovery
+## Vulnerability Discovery
+
+[2020: "HFL: Hybrid Fuzzing on the Linux Kernel"](https://www.ndss-symposium.org/wp-content/uploads/2020/02/24018.pdf) [paper]
+
+[2020: "Effective Detection of Sleep-in-atomic-context Bugs in the Linux Kernel"](https://dl.acm.org/doi/pdf/10.1145/3381990) [paper]
+
+[2020: "KRACE: Data Race Fuzzing for Kernel File Systems"](https://www.cc.gatech.edu/~mxu80/pubs/xu:krace.pdf) [paper] [[video](https://www.youtube.com/watch?v=8m2fMxvRtgg)]
+
+[2020: "USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation" by Hui Peng and Mathias Payer](https://nebelwelt.net/publications/files/20SEC3.pdf) [paper]
 
 [2020: "HFL: Hybrid Fuzzing on the Linux Kernel"](https://www.ndss-symposium.org/wp-content/uploads/2020/02/24018.pdf) [paper]
 
@@ -549,11 +575,11 @@ Marek Majkowski](https://blog.cloudflare.com/a-gentle-introduction-to-linux-kern
 
 [2018: "Writing the worlds worst Android fuzzer, and then improving it" by Brandon Falk](https://gamozolabs.github.io/fuzzing/2018/10/18/terrible_android_fuzzer.html) [article]
 
-[2018: "From Thousands of Hours to a Couple of Minutes: Towards Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities"](http://i.blackhat.com/us-18/Thu-August-9/us-18-Wu-Towards-Automating-Exploit-Generation-For-Arbitrary-Types-of-Kernel-Vulnerabilities.pdf) [slides] [[whitepaper](http://i.blackhat.com/us-18/Thu-August-9/us-18-Wu-Towards-Automating-Exploit-Generation-For-Arbitrary-Types-of-Kernel-Vulnerabilities-wp.pdf)]
+[2018: "From Thousands of Hours to a Couple of Minutes: Towards Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities"](http://i.blackhat.com/us-18/Thu-August-9/us-18-Wu-Towards-Automating-Exploit-Generation-For-Arbitrary-Types-of-Kernel-Vulnerabilities.pdf) [slides] [[paper](http://i.blackhat.com/us-18/Thu-August-9/us-18-Wu-Towards-Automating-Exploit-Generation-For-Arbitrary-Types-of-Kernel-Vulnerabilities-wp.pdf)]
 
 [2018: "MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation"](http://www.cs.columbia.edu/~suman/docs/moonshine.pdf) [paper]
 
-[2018: "Detecting Kernel Memory Disclosure with x86 Emulation and Taint Tracking" by Mateusz Jurczyk](https://j00ru.vexillium.org/papers/2018/bochspwn_reloaded.pdf) [whitepaper]
+[2018: "Detecting Kernel Memory Disclosure with x86 Emulation and Taint Tracking" by Mateusz Jurczyk](https://j00ru.vexillium.org/papers/2018/bochspwn_reloaded.pdf) [paper]
 
 [2018, BlackHat: "New Compat Vulnerabilities In Linux Device Drivers"](https://www.blackhat.com/docs/asia-18/asia-18-Ding-New-Compat-Vulnerabilities-In-Linux-Device-Drivers.pdf) [slides]
 
@@ -567,15 +593,15 @@ Marek Majkowski](https://blog.cloudflare.com/a-gentle-introduction-to-linux-kern
 
 [2017, Black Hat USA: "Evolutionary Kernel Fuzzing" by Richard Johnson](https://moflow.org/Presentations/Evolutionary%20Kernel%20Fuzzing-BH2017-rjohnson-FINAL.pdf) [slides]
 
-[2017: "DIFUZE: Interface Aware Fuzzing for Kernel Drivers"](https://www.blackhat.com/docs/eu-17/materials/eu-17-Corina-Difuzzing-Android-Kernel-Drivers.pdf) [slides] [[whitepaper](https://www.blackhat.com/docs/eu-17/materials/eu-17-Corina-Difuzzing-Android-Kernel-Drivers-wp.pdf)]
+[2017: "DIFUZE: Interface Aware Fuzzing for Kernel Drivers"](https://www.blackhat.com/docs/eu-17/materials/eu-17-Corina-Difuzzing-Android-Kernel-Drivers.pdf) [slides] [[paper](https://www.blackhat.com/docs/eu-17/materials/eu-17-Corina-Difuzzing-Android-Kernel-Drivers-wp.pdf)]
 
-[2017, CCS: "SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits"](https://acmccs.github.io/papers/p2139-youA.pdf) [whitepaper]
+[2017, CCS: "SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits"](https://acmccs.github.io/papers/p2139-youA.pdf) [paper]
 
-[2017, USENIX: "kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels"](https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-schumilo.pdf) [whitepaper]
+[2017, USENIX: "kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels"](https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-schumilo.pdf) [paper]
 
-[2017, USENIX: "How Double-Fetch Situations turn into DoubleFetch Vulnerabilities: A Study of Double Fetches in the Linux Kernel"](https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-wang.pdf) [whitepaper]
+[2017, USENIX: "How Double-Fetch Situations turn into DoubleFetch Vulnerabilities: A Study of Double Fetches in the Linux Kernel"](https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-wang.pdf) [paper]
 
-[2017, USENIX: "DR. CHECKER: A Soundy Analysis for Linux Kernel Drivers"](https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-machiry.pdf) [whitepaper]
+[2017, USENIX: "DR. CHECKER: A Soundy Analysis for Linux Kernel Drivers"](https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-machiry.pdf) [paper]
 
 [2016: "Using Static Checking To Find Security Vulnerabilities In The Linux Kernel" by Vaishali Thakkar](http://events17.linuxfoundation.org/sites/events/files/slides/Using%20static%20checking%20to%20find%20security%20vulnerabilities%20in%20the%20Linux%20Kernel.pdf) [slides]
 
@@ -597,9 +623,9 @@ Marek Majkowski](https://blog.cloudflare.com/a-gentle-introduction-to-linux-kern
 
 [2015, Black Hat: "Don't Trust Your USB! How to Find Bugs in USB Device Drivers" by Sergej Schumilo, Ralf Spenneberg, and Hendrik Schwartke](https://www.youtube.com/watch?v=OAbzN8k6Am4) [video]
 
-[2012: "Comprehensive Kernel Instrumentation via Dynamic Binary Translation"](http://www.cs.toronto.edu/~peter/feiner_asplos_2012.pdf) [whitepaper]
+[2012: "Comprehensive Kernel Instrumentation via Dynamic Binary Translation"](http://www.cs.toronto.edu/~peter/feiner_asplos_2012.pdf) [paper]
 
-[2010: "Automatic Bug-finding Techniques for Linux Kernel" by Jiri Slaby](https://www.fi.muni.cz/~xslaby/sklad/teze.pdf) [whitepaper]
+[2010: "Automatic Bug-finding Techniques for Linux Kernel" by Jiri Slaby](https://www.fi.muni.cz/~xslaby/sklad/teze.pdf) [paper]
 
 [2009, DEF CON 11: "Opensource Kernel Auditing and Exploitation" by Silvio Cesare](https://www.youtube.com/watch?v=sNh2TD6Tf9Q&feature=youtu.be) [video]
 
@@ -701,8 +727,14 @@ https://github.com/QuestEscape/exploit
 
 https://github.com/duasynt/xfrm_poc
 
+https://github.com/snorez/exploits/blob/master/xfrm_poc_RE_challenge/lucky0_RE.c
+
 https://github.com/saelo/cve-2014-0038
 
+https://github.com/bluefrostsecurity/CVE-2020-0041/
+
+https://github.com/chompie1337/s8_2019_2215_poc/
+
 
 ## Tools
 
@@ -742,7 +774,7 @@ https://github.com/mephi42/ida-kallsyms/
 
 [[ KASLD ] Kernel Address Space Layout Derandomization](https://github.com/bcoles/kasld)
 
-## CTF tasks
+## CTF Tasks
 
 CSAW CTF 2010: [writeup](https://jon.oberheide.org/blog/2010/11/02/csaw-ctf-kernel-exploitation-challenge/), [source](https://jon.oberheide.org/files/csaw.c), [source and exploit](https://github.com/0x3f97/pwn/tree/master/kernel/csaw-ctf-2010-kernel-exploitation-challenge)
 
@@ -802,19 +834,25 @@ De1CTF 2019 (Race): [writeup and exploit](https://github.com/De1ta-team/De1CTF20
 
 zer0pts CTF 2020 (meow): [writeup](https://pr0cf5.github.io/ctf/2020/03/09/the-plight-of-tty-in-the-linux-kernel.html)
 
+DEF CON CTF Qualifier 2020 (keml): [source](https://github.com/o-o-overflow/dc2020q-keml-public), [exploit](https://gist.github.com/LYoungJoo/4d225668991c6812701b1fcad6e18646)
 
-## Misc
+DEF CON CTF Qualifier 2020 (fungez): [source](https://github.com/o-o-overflow/dc2020q-fungez-public), [exploit and writeup](https://github.com/BrieflyX/ctf-pwns/tree/master/kernel/fungez)
 
-https://github.com/Fuzion24/AndroidKernelExploitationPlayground
 
-https://github.com/ReverseLab/kernel-pwn-challenge
+## Misc
 
-https://github.com/djrbliss/libplayground
+[2020: "Android / Linux SLUB aliasing for general- and special-purpose caches" by Vitaly Nikolenko](https://www.youtube.com/watch?v=5-eRsA0l8Pg) [video]
 
 [pwnable.kr tasks](http://pwnable.kr/play.php) (syscall, rootkit, softmmu, towelroot, kcrc, exynos)
 
 [RPISEC kernel labs](https://github.com/RPISEC/MBE/tree/master/src/lab10)
 
+https://github.com/Fuzion24/AndroidKernelExploitationPlayground
+
+https://github.com/ReverseLab/kernel-pwn-challenge
+
+https://github.com/djrbliss/libplayground
+
 https://github.com/hackedteam
 
 https://github.com/mncoppola/Linux-Kernel-CTF