Various cleanups

Remove duplicates, sort CTF tasks in reverse chronological order, and
other minor changes.

1 files changed, 52 insertions, 80 deletions

diff --git a/README.md b/README.md
index 8e7ea59..c4920b9 100644
--- a/README.md
+++ b/README.md
@@ -9,20 +9,20 @@ Pull requests are welcome.
 
 2012: "A Guide to Kernel Exploitation: Attacking the Core" by Enrico Perla and Massimiliano Oldani
 
+
 ## Workshops
 
 [2020: "pwn.college: Module: Kernel Security"](https://pwn.college/modules/kernel) [workshop]
 
 [2020: "Android Kernel Exploitation" by Ashfaq Ansari](https://github.com/cloudfuzz/android-kernel-exploitation) [workshop]
 
+
 ## Exploitation Techniques
 
 [2020: "Exploiting Uses of Uninitialized Stack Variables in Linux Kernels to Leak Kernel Pointers"](https://www.usenix.org/system/files/woot20-paper1-slides-cho.pdf) [slides] [[paper](https://www.usenix.org/system/files/woot20-paper-cho.pdf)] [[video](https://www.youtube.com/watch?v=uI377m9S0qs)]
 
 [2020: "BlindSide: Speculative Probing: Hacking Blind in the Spectre Era"](https://www.vusec.net/projects/blindside/) [paper]
 
-[2020: "Structures that can be used with Kernel Exploit"](https://ptr-yudai.hatenablog.com/entry/2020/03/16/165628) [article]
-
 [2020: "Linux Kernel Stack Smashing" by Silvio Cesare](https://blog.infosectcbr.com.au/2020/02/linux-kernel-stack-smashing.html?m=1) [article]
 
 [2020: "Structures that can be used in kernel exploits"](https://ptr-yudai.hatenablog.com/entry/2020/03/16/165628) [article]
@@ -55,11 +55,7 @@ Pull requests are welcome.
 
 [2018: "Use of timer_list structure in linux kernel exploit"](https://xz.aliyun.com/t/3455) [article]
 
-[2017: "KERNELFAULT: Pwning Linux using Hardware Fault Injection" by Niek Timmers and Cristofaro Mune](https://www.youtube.com/watch?v=nqF_IjXg_uM) [video]
-
-[2017: "Escalating Privileges in Linux using Fault Injection" by Niek Timmers and Cristofaro Mune](https://www.riscure.com/uploads/2017/10/escalating-privileges-in-linux-using-fi-presentation-fdtc-2017.pdf) [slides]
-
-[2017: "Escalating Privileges in Linux using Fault Injection" by Niek Timmers and Cristofaro Mune](https://www.riscure.com/uploads/2017/10/Riscure_Whitepaper_Escalating_Privileges_in_Linux_using_Fault_Injection.pdf) [paper]
+[2017: "Escalating Privileges in Linux using Fault Injection" by Niek Timmers and Cristofaro Mune](https://www.riscure.com/uploads/2017/10/escalating-privileges-in-linux-using-fi-presentation-fdtc-2017.pdf) [slides] [[video](https://www.youtube.com/watch?v=nqF_IjXg_uM)] [[paper](https://www.riscure.com/uploads/2017/10/Riscure_Whitepaper_Escalating_Privileges_in_Linux_using_Fault_Injection.pdf)]
 
 [2017: "Kernel Driver mmap Handler Exploitation" by Mateusz Fruba](https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-mmap-exploitation-whitepaper-2017-09-18.pdf) [paper]
 
@@ -87,8 +83,6 @@ Pull requests are welcome.
 
 [2016, DEF CON 24: "Direct Memory Attack the Kernel" by Ulf Frisk](https://www.youtube.com/watch?v=fXthwl6ShOg) [video]
 
-[2016, MOSEC 2016: "Talk is cheap, show me the code" by Keen Lab](https://speakerdeck.com/retme7/talk-is-cheap-show-me-the-code) [slides]
-
 [2016, Black Hat: "Randomization Can't Stop BPF JIT Spray" by Elena Reshetova](https://www.blackhat.com/docs/eu-16/materials/eu-16-Reshetova-Randomization-Can't-Stop-BPF-JIT-Spray.pdf) [slides] [[video](https://www.youtube.com/watch?v=_F7iQQ1Um2M)] [[paper](https://www.blackhat.com/docs/eu-16/materials/eu-16-Reshetova-Randomization-Can't-Stop-BPF-JIT-Spray-wp.pdf)]
 
 [2015: "Kernel Data Attack is a Realistic Security Threat"](https://www.eecis.udel.edu/~hnw/paper/kerneldata.pdf) [paper]
@@ -140,9 +134,12 @@ Pull requests are welcome.
 
 ## Vulnerabilities
 
-### Information Leak
+[Project Zero bug reports](https://bugs.chromium.org/p/project-zero/issues/list?can=1&q=linux%20kernel&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary&cells=ids&sort=-id)
 
-[2019: "CVE-2018-3639 / CVE-2019-7308—Analysis of Spectre Attacking Linux Kernel ebpf"](https://xz.aliyun.com/t/4230) [article, CVE-2018-3639, CVE-2019-7308]
+
+### Information Leaks
+
+[2019: "CVE-2018-3639 / CVE-2019-7308 - Analysis of Spectre Attacking Linux Kernel ebpf"](https://xz.aliyun.com/t/4230) [article, CVE-2018-3639, CVE-2019-7308]
 
 [2019: "From IP ID to Device ID and KASLR Bypass (Extended Version)"](https://arxiv.org/pdf/1906.10478.pdf) [paper]
 
@@ -201,8 +198,6 @@ Pull requests are welcome.
 
 [2019: "Tailoring CVE-2019-2215 to Achieve Root" by Grant Hernandez](https://hernan.de/blog/2019/10/15/tailoring-cve-2019-2215-to-achieve-root/) [article, CVE-2019-2215]
 
-[2019: "Android: Use-After-Free in Binder driver"](https://bugs.chromium.org/p/project-zero/issues/detail?id=1942) [announcement, CVE 2019-2215]
-
 [2019: "From    Zero    to      Root:   Building        Universal       Android Rooting with    a Type  Confusion       Vulnerability" by Wang Yong](https://github.com/ThomasKing2014/slides/blob/master/Building%20universal%20Android%20rooting%20with%20a%20type%20confusion%20vulnerability.pdf) [slides, CVE-2018-9568]
 
 [2019: "Android Binder: The Bridge To Root" by Hongli Han and Mingjian Zhou](https://conference.hitb.org/hitbsecconf2019ams/materials/D2T2%20-%20Binder%20-%20The%20Bridge%20to%20Root%20-%20Hongli%20Han%20&%20Mingjian%20Zhou.pdf) [slides, CVE-2019-2025]
@@ -319,11 +314,7 @@ Pull requests are welcome.
 
 [2015: "Follow-up on Exploiting "BadIRET" vulnerability (CVE-2014-9322)" by Adam Zabrocki](http://blog.pi3.com.pl/?p=509) [article, CVE-2014-9322]
 
-[2015, Black Hat: "Ah! Universal Android Rooting Is Back" by Wen Xu](https://www.blackhat.com/docs/us-15/materials/us-15-Xu-Ah-Universal-Android-Rooting-Is-Back-wp.pdf) [whitepaper, CVE-2015-3636]
-
-[2015, Black Hat: "Ah! Universal Android Rooting Is Back" by Wen Xu](https://www.blackhat.com/docs/us-15/materials/us-15-Xu-Ah-Universal-Android-Rooting-Is-Back.pdf) [slides, CVE-2015-3636]
-
-[2015, Black Hat: "Ah! Universal Android Rooting Is Back" by Wen Xu](https://www.youtube.com/watch?v=HVP1c7Ct1nM) [video, CVE-2015-3636]
+[2015, Black Hat: "Ah! Universal Android Rooting Is Back" by Wen Xu](https://www.blackhat.com/docs/us-15/materials/us-15-Xu-Ah-Universal-Android-Rooting-Is-Back.pdf) [slides, CVE-2015-3636] [[video](https://www.youtube.com/watch?v=HVP1c7Ct1nM)] [[paper](https://www.blackhat.com/docs/us-15/materials/us-15-Xu-Ah-Universal-Android-Rooting-Is-Back-wp.pdf)]
 
 [2015: "When is something overflowing" by Keen Team](https://www.slideshare.net/PeterHlavaty/overflow-48573748) [slides]
 
@@ -351,16 +342,12 @@ Pull requests are welcome.
 
 [2012: "Linux Local Privilege Escalation via SUID /proc/pid/mem Write" by Jason Donenfeld](https://git.zx2c4.com/CVE-2012-0056/about/) [article, CVE-2012-0056]
 
-[2011, DEF CON 19: "Kernel Exploitation Via Uninitialized Stack" by Kees Cook](https://www.defcon.org/images/defcon-19/dc-19-presentations/Cook/DEFCON-19-Cook-Kernel-Exploitation.pdf) [slides, CVE-2010-2963]
-
-[2011, DEF CON 19: "Kernel Exploitation Via Uninitialized Stack" by Kees Cook](https://www.youtube.com/watch?v=jg-wnwnkbsy) [video, CVE-2010-2963]
+[2011, DEF CON 19: "Kernel Exploitation Via Uninitialized Stack" by Kees Cook](https://www.defcon.org/images/defcon-19/dc-19-presentations/Cook/DEFCON-19-Cook-Kernel-Exploitation.pdf) [slides, CVE-2010-2963] [[video](https://www.youtube.com/watch?v=jg-wnwnkbsy)]
 
 [2010: "CVE-2010-2963 v4l compat exploit" by Kees Cook](https://outflux.net/blog/archives/2010/10/19/cve-2010-2963-v4l-compat-exploit/) [article, CVE-2010-2963]
 
 [2010: "Exploiting large memory management vulnerabilities in Xorg server running on Linux" by Rafal Wojtczuk](http://invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf) [article, CVE-2010-2240]
 
-[2010: "CVE-2010-4258: Turning Denial-of-service Into Privilege Escalation" by Nelson Elhage](https://blog.nelhage.com/2010/12/cve-2010-4258-from-dos-to-privesc/) [article, CVE-2010-4258]
-
 [2010: "CVE-2007-4573: The Anatomy of a Kernel Exploit" by Nelson Elhage](https://blog.nelhage.com/2010/02/cve-2007-4573-the-anatomy-of-a-kernel-exploit/) [article, CVE-2007-4573]
 
 [2010: "Linux Kernel CAN SLUB Overflow" by Jon Oberheide](https://jon.oberheide.org/blog/2010/09/10/linux-kernel-can-slub-overflow/) [article, CVE-2010-2959]
@@ -398,9 +385,7 @@ Pull requests are welcome.
 
 [2016: "CVE Publication: CVE 2016-8633" by Eyal Itkin](https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/) [article, CVE-2016-8633]
 
-[2011, DEF CON 19: "Owned Over Amateur Radio: Remote Kernel Exploitation in 2011"](http://cs.dartmouth.edu/~sergey/cs258/2012/Dan-Rosenberg-lecture.pdf) [slides, CVE-2011-1493]
-
-[2011, DEF CON 19: "Owned Over Amateur Radio: Remote Kernel Exploitation in 2011"](https://www.youtube.com/watch?v=kBjD0HITQZA) [video, CVE-2011-1493]
+[2011, DEF CON 19: "Owned Over Amateur Radio: Remote Kernel Exploitation in 2011"](http://cs.dartmouth.edu/~sergey/cs258/2012/Dan-Rosenberg-lecture.pdf) [slides, CVE-2011-1493] [[video](https://www.youtube.com/watch?v=kBjD0HITQZA)]
 
 [2009: "When a "potential D.o.S." means a one-shot remote kernel exploit: the SCTP story"](https://kernelbof.blogspot.de/2009/04/kernel-memory-corruptions-are-not-just.html) [article, CVE-2009-0065]
 
@@ -460,17 +445,13 @@ Pull requests are welcome.
 
 [2016, Black Hat USA: "Using Undocumented CPU Behavior to See Into Kernel Mode and Break KASLR in the Process"](https://www.youtube.com/watch?v=T3kmq2NLpH4) [video]
 
-[2016, Black Hat USA: "Breaking KASLR with Intel TSX" Yeongjin Jang, Sangho Lee and Taesoo Kim](https://www.blackhat.com/docs/us-16/materials/us-16-Jang-Breaking-Kernel-Address-Space-Layout-Randomization-KASLR-With-Intel-TSX.pdf) [slides]
-
-[2016, Black Hat USA: "Breaking KASLR with Intel TSX" Yeongjin Jang, Sangho Lee and Taesoo Kim](https://www.youtube.com/watch?v=rtuXG28g0CU) [video]
+[2016, Black Hat USA: "Breaking KASLR with Intel TSX" Yeongjin Jang, Sangho Lee and Taesoo Kim](https://www.blackhat.com/docs/us-16/materials/us-16-Jang-Breaking-Kernel-Address-Space-Layout-Randomization-KASLR-With-Intel-TSX.pdf) [slides] [[video](https://www.youtube.com/watch?v=rtuXG28g0CU)]
 
 [2016: "Breaking KASLR with micro architecture" by Anders Fogh](https://dreamsofastone.blogspot.ru/2016/02/breaking-kasrl-with-micro-architecture.html) [article]
 
 [2015: "Effectively bypassing kptr_restrict on Android" by Gal Beniamini](https://bits-please.blogspot.de/2015/08/effectively-bypassing-kptrrestrict-on.html) [article]
 
-[2014, Black Hat Europe: "ret2dir: Deconstructing Kernel Isolation" by Vasileios P. Kemerlis, Michalis Polychronakis, Angelos D. Keromytis](https://www.blackhat.com/docs/eu-14/materials/eu-14-Kemerlis-Ret2dir-Deconstructing-Kernel-Isolation-wp.pdf) [paper]
-
-[2014, Black Hat Europe: "ret2dir: Deconstructing Kernel Isolation" by Vasileios Kemerlis](https://www.youtube.com/watch?v=kot-EQ9zf9k) [video]
+[2014, Black Hat Europe: "ret2dir: Deconstructing Kernel Isolation" by Vasileios P. Kemerlis, Michalis Polychronakis, Angelos D. Keromytis](https://www.blackhat.com/docs/eu-14/materials/eu-14-Kemerlis-Ret2dir-Deconstructing-Kernel-Isolation-wp.pdf) [paper] [[video](https://www.youtube.com/watch?v=kot-EQ9zf9k)]
 
 [2013: "A Linux Memory Trick" by Dan Rosenberg](http://vulnfactory.org/blog/2013/02/06/a-linux-memory-trick/) [article]
 
@@ -596,8 +577,6 @@ Pull requests are welcome.
 
 [2020: "Using syzkaller, part 4: Driver fuzzing" by Andre Almeida](https://www.collabora.com/news-and-blog/blog/2020/06/26/using-syzkaller-part-4-driver-fuzzing/) [article]
 
-[2020: "HFL: Hybrid Fuzzing on the Linux Kernel"](https://www.ndss-symposium.org/wp-content/uploads/2020/02/24018.pdf) [paper]
-
 [2020: "Effective Detection of Sleep-in-atomic-context Bugs in the Linux Kernel"](https://dl.acm.org/doi/pdf/10.1145/3381990) [paper]
 
 [2020: "KRACE: Data Race Fuzzing for Kernel File Systems"](https://www.cc.gatech.edu/~mxu80/pubs/xu:krace.pdf) [paper] [[video](https://www.youtube.com/watch?v=8m2fMxvRtgg)]
@@ -621,7 +600,7 @@ Marek Majkowski](https://blog.cloudflare.com/a-gentle-introduction-to-linux-kern
 
 [2019: "Case study: Searching for a vulnerability pattern in the Linux kernel" by Alexander Popov](https://a13xp0p0v.github.io/2019/08/10/cfu.html) [article]
 
-[2019: "Razzer: Finding Kernel Race Bugs through Fuzzing"](https://www.youtube.com/watch?v=9UszCIxc0r0) [video]
+[2019: "Razzer: Finding Kernel Race Bugs through Fuzzing"](https://www.youtube.com/watch?v=9UszCIxc0r0) [video] [[paper](https://lifeasageek.github.io/papers/jeong:razzer.pdf)]
 
 [2019: "Fuzzing File Systems via Two-Dimensional Input Space Exploration"](https://taesoo.kim/pubs/2019/xu:janus.pdf) [paper]
 
@@ -629,7 +608,6 @@ Marek Majkowski](https://blog.cloudflare.com/a-gentle-introduction-to-linux-kern
 
 [2019: "Hourglass       Fuzz:   A       Quick   Bug     Hunting Method"](https://conference.hitb.org/hitbsecconf2019ams/materials/D1T2%20-%20Hourglass%20Fuzz%20-%20A%20Quick%20Bug%20Hunting%20Method%20-%20Moony%20Li,%20Todd%20Han,%20Lance%20Jiang%20&%20Lilang%20Wu.pdf) [slides]
 
-[2018: "RAZZER: Finding Kernel Race Bugs through Fuzzing"](https://lifeasageek.github.io/papers/jeong:razzer.pdf) [paper]
 
 [2018: "FastSyzkaller: Improving Fuzz Efficiency for Linux Kernel Fuzzing"](https://iopscience.iop.org/article/10.1088/1742-6596/1176/2/022013/pdf) [paper]
 
@@ -717,12 +695,12 @@ https://github.com/shankarapailoor/moonshine [corpus-generation]
 
 ## Exploits
 
+[Project Zero bug reports](https://bugs.chromium.org/p/project-zero/issues/list?can=1&q=linux%20kernel&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary&cells=ids&sort=-id)
+
 https://www.exploit-db.com/search/?action=search&description=linux+kernel
 
 https://github.com/offensive-security/exploit-database/tree/master/platforms/linux/local
 
-https://bugs.chromium.org/p/project-zero/issues/list?can=1&q=linux+kernel&colspec=ID+Type+Status+Priority+Milestone+Owner+Summary&cells=ids
-
 http://vulnfactory.org/exploits/ [2010-2011]
 
 https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs
@@ -751,8 +729,6 @@ http://seclists.org/fulldisclosure/2010/Sep/268
 
 https://github.com/hardenedlinux/offensive_poc
 
-https://github.com/jiayy/android_vuln_poc-exp
-
 https://github.com/brl/grlh
 
 https://github.com/externalist/exploit_playground
@@ -761,8 +737,6 @@ https://github.com/ww9210/Linux_kernel_exploits [FUZE]
 
 https://github.com/ww9210/kepler-cfhp [KEPLER]
 
-https://github.com/Kabot/Unix-Privilege-Escalation-Exploits-Pack
-
 https://github.com/yzimhao/godpock
 
 https://github.com/packetforger/localroot
@@ -797,8 +771,6 @@ https://github.com/chompie1337/s8_2019_2215_poc/
 
 https://github.com/c3r34lk1ll3r/CVE-2017-5123
 
-https://github.com/QuestEscape/exploit/tree/master/CVE-2018-9568_WrongZone
-
 
 ## Tools
 
@@ -830,8 +802,6 @@ https://github.com/PaoloMonti42/salt
 
 https://github.com/jollheef/out-of-tree
 
-https://github.com/nforest/droidimg
-
 https://github.com/elfmaster/kdress
 
 https://github.com/mephi42/ida-kallsyms/
@@ -842,77 +812,79 @@ https://github.com/IntelLabs/kAFL/
 
 https://github.com/securesystemslab/agamotto
 
+
 ## CTF Tasks
 
-CSAW CTF 2010: [writeup](https://jon.oberheide.org/blog/2010/11/02/csaw-ctf-kernel-exploitation-challenge/), [source](https://jon.oberheide.org/files/csaw.c), [source and exploit](https://github.com/0x3f97/pwn/tree/master/kernel/csaw-ctf-2010-kernel-exploitation-challenge)
+N1 CTF 2020 (W2L): [writeup](https://github.com/Nu1LCTF/n1ctf-2020/blob/main/N1CTF2020%20Writeup%20By%20Nu1L.pdf)
 
-CSAW CTF 2011: [writeup](https://jon.oberheide.org/blog/2011/11/27/csaw-ctf-2011-kernel-exploitation-challenge/), [source](https://jon.oberheide.org/files/SqueamishOssifrage.c)
+Seccon Online 2020 (Kstack): [source, exploit and writeup](https://github.com/BrieflyX/ctf-pwns/tree/master/kernel/kstack)
 
-CSAW CTF 2013: [writeup](https://poppopret.org/2013/11/20/csaw-ctf-2013-kernel-exploitation-challenge/), [source and exploit](https://github.com/mncoppola/Brad-Oberberg)
+r2con CTF 2020: [source](https://github.com/esanfelix/r2con2020-ctf-kernel), [exploit](https://github.com/dialluvioso/box/blob/master/r2con2020-ctf-kernel/exploit.c)
 
-CSAW CTF 2014: [source and exploit](https://github.com/mncoppola/suckerusu)
+ASIS CTF 2020 (Shared House): [writeup](https://ptr-yudai.hatenablog.com/entry/2020/07/06/000622#354pts-Shared-House-7-solves)
 
-CSAW CTF 2015: [writeup 1](https://poppopret.org/2015/11/16/csaw-ctf-2015-kernel-exploitation-challenge/), [writeup 2](http://itszn.com/blog/?p=21), [source and exploit](https://github.com/mncoppola/StringIPC)
+DEF CON CTF Qualifier 2020 (fungez): [source](https://github.com/o-o-overflow/dc2020q-fungez-public), [exploit and writeup](https://github.com/BrieflyX/ctf-pwns/tree/master/kernel/fungez)
 
-Insomni’hack finals 2015: [writeup](https://blog.scrt.ch/2015/03/24/insomnihack-finals-sh1tty-writeup/), [source and exploit](https://github.com/Insomnihack/Insomnihack-2015/tree/master/exploit/sh1tty)
+DEF CON CTF Qualifier 2020 (keml): [source](https://github.com/o-o-overflow/dc2020q-keml-public), [exploit](https://gist.github.com/LYoungJoo/4d225668991c6812701b1fcad6e18646)
 
-rwth2011 CTF (ps3game): [writeup](http://mslc.ctf.su/wp/rwth2011-ctf-ps3game/)
+zer0pts CTF 2020 (meow): [writeup](https://pr0cf5.github.io/ctf/2020/03/09/the-plight-of-tty-in-the-linux-kernel.html)
 
-PlaidCTF 2013 (Servr): [writeup](http://blog.frizn.fr/plaidctf-2013/pwn-400-servr), [source](http://blog.frizn.fr/fil3z/pctf-2013/servr.tar.bz2)
+De1CTF 2019 (Race): [writeup and exploit](https://github.com/De1ta-team/De1CTF2019/tree/master/writeup/pwn/Race)
 
-0ctf2016: [writeup](http://dragonsector.pl/docs/0ctf2016_writeups.pdf), [exploit](https://gist.github.com/anonymous/83f96600c5ae851940d6)
+r2con CTF 2019: [source, exploit and writeup](https://github.com/esanfelix/r2con2019-ctf-kernel)
 
-0ctf2017: [source and exploit 1](https://github.com/lovelydream/0ctf2017_kernel_pwn), [source and exploit 2](https://github.com/yifengyou/CTF/tree/master/2017/0ctf/pwn/knote)
+HITCON CTF Quals 2019 (PoE): [source and exploit](https://github.com/david942j/ctf-writeups/tree/master/hitcon-quals-2019/PoE)
 
-0ctf2018: [writeup 1](http://blog.eadom.net/writeups/0ctf-2018-zerofs-writeup/), [writeup 2](http://ddaa.tw/0ctf_pwnable_478_zer0fs.html)
+Balsn CTF 2019 (KrazyNote): [exploit](https://github.com/Mem2019/Mem2019.github.io/blob/master/codes/krazynote.c)
 
-QWB2018 (solid_core): [writeup](http://f0r1st.me/2018/04/02/QWB2018-solid-core-Write-Up/), [exploit 1](https://github.com/w0lfzhang/kernel_exploit/tree/master/2018-qwb-core), [exploit 2](https://github.com/sixstars/ctf/tree/master/2018/qiangwangbei/core), [exploit 3](https://github.com/o0xmuhe/PwnableLog/blob/master/CTFWP/qwb2018/core/exp.c)
+TokyoWesterns CTF 2019 (gnote): [writeup](https://rpis.ec/blog/tokyowesterns-2019-gnote/), video [part 1](https://www.youtube.com/watch?v=n7osrud3PMI), [part 2](https://www.youtube.com/watch?v=i8gZ85VC2Mw)
 
-Blaze2018 (blazeme): [source and exploit 1](https://github.com/vakzz/ctfs/tree/master/Blaze2018/blazeme), [soure and exploit 2](https://github.com/wangray/ctf_dump/tree/master/Blaze2018/blazeme)
+Security Fest 2019 (brainfuck64): [writeup](https://kileak.github.io/ctf/2019/secfest-brainfuck64/)
 
-TCTF 2017 (cred_jar): [writeup](http://ww9210.cn/2017/06/08/tctf-2017-final-cred_jar-linux-kernel-driver-pwn-write-up/)
+Insomni'hack teaser 2019 (1118daysober): [writeup 1](https://ctftime.org/writeup/12919), [writeup 2](https://github.com/EmpireCTF/empirectf/blob/master/writeups/2019-01-19-Insomni-Hack-Teaser/README.md#1118daysober)
 
-N1CTF 2018: [writeup](http://r3ka.eu/2018/03/n1ctf-2018-network-card-writeup/)
+hxp CTF 2018 (Green Computing): [writeup](http://s3.eurecom.fr/nops/2018-12-10-hxp-ctf-2018-green-computing.html)
 
-Sharif CTF 2018 (kdb): [writeup](https://changochen.github.io/2018/02/07/sharif8/), [source and exploit](https://changochen.github.io/2018/02/07/sharif8/)
+WCTF 2018 (cpf): [source, writeup, and exploit](https://github.com/cykorteam/cykor_belluminar_2018/tree/master/cpf)
 
-NCSTISC 2018 (babydriver): [writeup](http://f0r1st.me/2018/03/28/ROP-in-Linux-Kernel/), [source and exploit](https://github.com/w0lfzhang/kernel_exploit/tree/master/2017-ncstisc-babydriver)
+SECT CTF 2018 (Gh0st): [writeup](http://mslc.ctf.su/wp/sect-ctf-2018-gh0st/)
 
 TWCTF 2018 (ReadableKernelModule): [writeup](http://r3ka.eu/2018/09/twctf-2018-rkm-readablekernelmodule-writeup/)
 
-SECT CTF 2018 (Gh0st): [writeup](http://mslc.ctf.su/wp/sect-ctf-2018-gh0st/)
+NCSTISC 2018 (babydriver): [writeup](http://f0r1st.me/2018/03/28/ROP-in-Linux-Kernel/), [source and exploit](https://github.com/w0lfzhang/kernel_exploit/tree/master/2017-ncstisc-babydriver)
 
-WCTF 2018 (cpf): [source, writeup, and exploit](https://github.com/cykorteam/cykor_belluminar_2018/tree/master/cpf)
+Sharif CTF 2018 (kdb): [writeup](https://changochen.github.io/2018-02-07-sharif8.html), [source and exploit](https://github.com/Changochen/CTF/tree/master/2018/SharifCTF/kdb)
 
-hxp CTF 2018 (Green Computing): [writeup](http://s3.eurecom.fr/nops/2018-12-10-hxp-ctf-2018-green-computing.html)
+N1CTF 2018: [writeup](http://r3ka.eu/2018/03/n1ctf-2018-network-card-writeup/)
 
-Insomni'hack teaser 2019 (1118daysober): [writeup 1](https://ctftime.org/writeup/12919), [writeup 2](https://github.com/EmpireCTF/empirectf/blob/master/writeups/2019-01-19-Insomni-Hack-Teaser/README.md#1118daysober)
+Blaze2018 (blazeme): [source and exploit 1](https://github.com/vakzz/ctfs/tree/master/Blaze2018/blazeme), [soure and exploit 2](https://github.com/wangray/ctf_dump/tree/master/Blaze2018/blazeme)
 
-Security Fest 2019 (brainfuck64): [writeup](https://kileak.github.io/ctf/2019/secfest-brainfuck64/)
+QWB2018 (solid_core): [writeup](http://f0r1st.me/2018/04/02/QWB2018-solid-core-Write-Up/), [exploit 1](https://github.com/w0lfzhang/kernel_exploit/tree/master/2018-qwb-core), [exploit 2](https://github.com/sixstars/ctf/tree/master/2018/qiangwangbei/core), [exploit 3](https://github.com/o0xmuhe/PwnableLog/blob/master/CTFWP/qwb2018/core/exp.c)
 
-TokyoWesterns CTF 2019 (gnote): [writeup](https://rpis.ec/blog/tokyowesterns-2019-gnote/), video [part 1](https://www.youtube.com/watch?v=n7osrud3PMI), [part 2](https://www.youtube.com/watch?v=i8gZ85VC2Mw)
+0ctf2018: [writeup 1](http://blog.eadom.net/writeups/0ctf-2018-zerofs-writeup/), [writeup 2](http://ddaa.tw/0ctf_pwnable_478_zer0fs.html)
 
-Balsn CTF 2019 (KrazyNote): [exploit](https://github.com/Mem2019/Mem2019.github.io/blob/master/codes/krazynote.c)
+TCTF 2017 (cred_jar): [writeup](http://ww9210.cn/2017/06/08/tctf-2017-final-cred_jar-linux-kernel-driver-pwn-write-up/)
 
-HITCON CTF Quals 2019 (PoE): [source and exploit](https://github.com/david942j/ctf-writeups/tree/master/hitcon-quals-2019/PoE)
+0ctf2017: [source and exploit 1](https://github.com/lovelydream/0ctf2017_kernel_pwn), [source and exploit 2](https://github.com/yifengyou/CTF/tree/master/2017/0ctf/pwn/knote)
 
-r2con CTF 2019: [source, exploit and writeup](https://github.com/esanfelix/r2con2019-ctf-kernel)
+0ctf2016: [writeup](http://dragonsector.pl/docs/0ctf2016_writeups.pdf), [exploit](https://gist.github.com/anonymous/83f96600c5ae851940d6)
 
-De1CTF 2019 (Race): [writeup and exploit](https://github.com/De1ta-team/De1CTF2019/tree/master/writeup/pwn/Race)
+Insomni’hack finals 2015: [writeup](https://blog.scrt.ch/2015/03/24/insomnihack-finals-sh1tty-writeup/), [source and exploit](https://github.com/Insomnihack/Insomnihack-2015/tree/master/exploit/sh1tty)
 
-zer0pts CTF 2020 (meow): [writeup](https://pr0cf5.github.io/ctf/2020/03/09/the-plight-of-tty-in-the-linux-kernel.html)
+CSAW CTF 2015: [writeup 1](https://poppopret.org/2015/11/16/csaw-ctf-2015-kernel-exploitation-challenge/), [writeup 2](http://itszn.com/blog/?p=21), [source and exploit](https://github.com/mncoppola/StringIPC)
 
-DEF CON CTF Qualifier 2020 (keml): [source](https://github.com/o-o-overflow/dc2020q-keml-public), [exploit](https://gist.github.com/LYoungJoo/4d225668991c6812701b1fcad6e18646)
+CSAW CTF 2014: [source and exploit](https://github.com/mncoppola/suckerusu)
 
-DEF CON CTF Qualifier 2020 (fungez): [source](https://github.com/o-o-overflow/dc2020q-fungez-public), [exploit and writeup](https://github.com/BrieflyX/ctf-pwns/tree/master/kernel/fungez)
+CSAW CTF 2013: [writeup](https://poppopret.org/2013/11/20/csaw-ctf-2013-kernel-exploitation-challenge/), [source and exploit](https://github.com/mncoppola/Brad-Oberberg)
 
-ASIS CTF 2020 (Shared House): [writeup](https://ptr-yudai.hatenablog.com/entry/2020/07/06/000622#354pts-Shared-House-7-solves)
+PlaidCTF 2013 (Servr): [writeup](http://blog.frizn.fr/plaidctf-2013/pwn-400-servr), [source](http://blog.frizn.fr/fil3z/pctf-2013/servr.tar.bz2)
 
-r2con CTF 2020: [source](https://github.com/esanfelix/r2con2020-ctf-kernel), [exploit](https://github.com/dialluvioso/box/blob/master/r2con2020-ctf-kernel/exploit.c)
+CSAW CTF 2011: [writeup](https://jon.oberheide.org/blog/2011/11/27/csaw-ctf-2011-kernel-exploitation-challenge/), [source](https://jon.oberheide.org/files/SqueamishOssifrage.c)
 
-Seccon Online 2020 (Kstack): [source, exploit and writeup](https://github.com/BrieflyX/ctf-pwns/tree/master/kernel/kstack)
+rwth2011 CTF (ps3game): [writeup](http://mslc.ctf.su/wp/rwth2011-ctf-ps3game/)
+
+CSAW CTF 2010: [writeup](https://jon.oberheide.org/blog/2010/11/02/csaw-ctf-kernel-exploitation-challenge/), [source](https://jon.oberheide.org/files/csaw.c), [source and exploit](https://github.com/0x3f97/pwn/tree/master/kernel/csaw-ctf-2010-kernel-exploitation-challenge)
 
-N1 CTF 2020 (W2L): [writeup](https://github.com/Nu1LCTF/n1ctf-2020/blob/main/N1CTF2020%20Writeup%20By%20Nu1L.pdf)
 
 ## Misc