1 files changed, 57 insertions, 14 deletions

diff --git a/README.md b/README.md
index 9d4567d..8640060 100644
--- a/README.md
+++ b/README.md
@@ -12,6 +12,16 @@ Pull requests are welcome.
 
 ## Exploitation techniques
 
+[2018: "Linux-Kernel-Exploit Stack Smashing"](http://tacxingxing.com/2018/02/15/linux-kernel-exploit-stack-smashing/) [article]
+
+[2018, HitB: "Mirror Mirror: Rooting Android 8 with a Kernel Space Mirroring Attack" by Wang Yong](https://conference.hitb.org/hitbsecconf2018ams/materials/D1T2%20-%20Yong%20Wang%20&%20Yang%20Song%20-%20Rooting%20Android%208%20with%20a%20Kernel%20Space%20Mirroring%20Attack.pdf) [slides]
+
+[2018, BlackHat: "KSMA: Breaking        Android kernel  isolation       and     Rooting with    ARM     MMU     features" by Wang Yong](https://www.blackhat.com/docs/asia-18/asia-18-WANG-KSMA-Breaking-Android-kernel-isolation-and-Rooting-with-ARM-MMU-features.pdf) [slides]
+
+[2018, OffensiveCon: "Concolic Testing for Kernel Fuzzing and Vulnerability Discovery" by Vitaly Nikolenko](https://www.youtube.com/watch?v=mpfKN1URqdQ) [video]
+
+[2018: "Still Hammerable and Exploitable: on the Effectiveness of Software-only Physical Kernel Isolation"](https://arxiv.org/pdf/1802.07060.pdf) [paper]
+
 [2017: "KERNELFAULT: Pwning Linux using Hardware Fault Injection" by Niek Timmers and Cristofaro Mune](https://www.youtube.com/watch?v=nqF_IjXg_uM) [video]
 
 [2017: "Escalating Privileges in Linux using Fault Injection" by Niek Timmers and Cristofaro Mune](https://www.riscure.com/uploads/2017/10/escalating-privileges-in-linux-using-fi-presentation-fdtc-2017.pdf) [slides]
@@ -28,6 +38,8 @@ Pull requests are welcome.
 
 [2017: "Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying"](https://www.internetsociety.org/sites/default/files/ndss2017_09-2_Lu_paper.pdf) [whitepaper]
 
+[2017: "Breaking KASLR with perf" by Lizzie Dixon](https://blog.lizzie.io/kaslr-and-perf.html) [article]
+
 [2016: "Getting Physical Extreme abuse of Intel based Paging Systems" by Nicolas Economou and Enrique Nissim](https://www.coresecurity.com/system/files/publications/2016/05/CSW2016%20-%20Getting%20Physical%20-%20Extended%20Version.pdf) [slides]
 
 [2016: "Linux Kernel ROP - Ropping your way to # (Part 1)" by Vitaly Nikolenko](https://www.trustwave.com/Resources/SpiderLabs-Blog/Linux-Kernel-ROP---Ropping-your-way-to---(Part-1)/) [article]
@@ -104,6 +116,10 @@ Pull requests are welcome.
 
 ### LPE
 
+[2018: "Ubuntu kernel eBPF 0day analysis"](https://security.tencent.com/index.php/blog/msg/124) [article, CVE-2017-16995]
+
+[2017: "Adapting the POC for CVE-2017-1000112 to Other Kernels"](https://ricklarabee.blogspot.de/2017/12/adapting-poc-for-cve-2017-1000112-to.html) [article, CVE-2017-1000112]
+
 [2017: "The Art of Exploiting Unconventional Use-after-free Bugs in Android Kernel" by Di Shen](https://speakerdeck.com/retme7/the-art-of-exploiting-unconventional-use-after-free-bugs-in-android-kernel) [slides, CVE-2017-0403, CVE-2016-6787]
 
 [2017: "Exploiting CVE-2017-5123 with full protections. SMEP, SMAP, and the Chrome Sandbox!" by Chris Salls](https://salls.github.io/Linux-Kernel-CVE-2017-5123/) [article, CVE-2017-5123]
@@ -252,6 +268,13 @@ Pull requests are welcome.
 [2009: "When a "potential D.o.S." means a one-shot remote kernel exploit: the SCTP story"](https://kernelbof.blogspot.de/2009/04/kernel-memory-corruptions-are-not-just.html) [article, CVE-2009-0065]
 
 
+### Other
+
+[2017: "initroot: Bypassing Nexus 6 Secure Boot through Kernel Command-line Injection"](https://alephsecurity.com/2017/05/23/nexus6-initroot/#anecdote-a-linux-kernel-out-of-bounds-write-cve-2017-1000363) [article, CVE-2017-1000363]
+
+[2016: "Motorola Android Bootloader Kernel Cmdline Injection Secure Boot Bypass"](https://alephsecurity.com/vulns/aleph-2017011) [article, CVE-2016-10277]
+
+
 ## Protection bypass techniques
 
 [2016: "Linux Kernel x86-64 bypass SMEP - KASLR - kptr_restric"](http://blackbunny.io/linux-kernel-x86-64-bypass-smep-kaslr-kptr_restric/) [article]
@@ -287,6 +310,8 @@ Pull requests are welcome.
 
 ## Defensive
 
+[2018: "KASR: A Reliable and Practical Approach to Attack Surface Reduction of Commodity OS Kernels"] (https://arxiv.org/pdf/1802.07062.pdf) [paper]
+
 [2018, Linux Conf AU: "The State of Kernel Self Protection" by Kees Cook](https://outflux.net/slides/2018/lca/kspp.pdf) [slides]
 
 [2017: "Towards Linux Kernel Memory Safety"](https://arxiv.org/pdf/1710.06175.pdf) [whitepaper]
@@ -303,6 +328,8 @@ Pull requests are welcome.
 
 [2017: "Fine Grained Control-Flow Integrity for The Linux Kernel" by Sandro Rigo, Michalis Polychronakis, Vasileios Kemerlis](https://www.blackhat.com/docs/asia-17/materials/asia-17-Moreira-Drop-The-Rop-Fine-Grained-Control-Flow-Integrity-For-The-Linux-Kernel.pdf) [slides]
 
+[2016: "Thwarting unknown bugs: hardening features in the mainline Linux kernel" by Mark Rutland](https://elinux.org/images/8/87/Thwarting_Unknown_Bugs.pdf) [slides]
+
 [2016: "Emerging Defense in Android Kernel" by James Fang](http://keenlab.tencent.com/en/2016/06/01/Emerging-Defense-in-Android-Kernel/) [article]
 
 [2016: "Randomizing the Linux kernel heap freelists" by Thomas Garnier](https://medium.com/@mxatone/randomizing-the-linux-kernel-heap-freelists-b899bb99c767#.3csq8t23s) [article]
@@ -315,11 +342,17 @@ Pull requests are welcome.
 
 [2012: "How do I mitigate against NULL pointer dereference vulnerabilities?" by RedHat](https://access.redhat.com/articles/20484) [article]
 
+[2011: "Linux kernel vulnerabilities: State-of-the-art defenses and open problems"](https://pdos.csail.mit.edu/papers/chen-kbugs.pdf) [paper]
+
 [2009, Phrack: "Linux Kernel Heap Tampering Detection" by Larry Highsmith](http://phrack.org/archives/issues/66/15.txt) [article]
 
 
 ## Fuzzing & detectors
 
+[2018, BlackHat: "New Compat Vulnerabilities In Linux Device Drivers"](https://www.blackhat.com/docs/asia-18/asia-18-Ding-New-Compat-Vulnerabilities-In-Linux-Device-Drivers.pdf) [slides]
+
+[2018: "Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels"](http://www-users.cs.umn.edu/~kjlu/papers/deadline.pdf) [paper]
+
 [2017: "The android vulnerability discovery in SoC" by Yu Pan and Yang Dai](http://powerofcommunity.net/poc2017/yu.pdf) [slides]
 
 [2017, Black Hat USA: "Evolutionary Kernel Fuzzing" by Richard Johnson](https://moflow.org/Presentations/Evolutionary%20Kernel%20Fuzzing-BH2017-rjohnson-FINAL.pdf) [slides]
@@ -439,20 +472,8 @@ PlaidCTF 2013 (Servr): [writeup](http://blog.frizn.fr/plaidctf-2013/pwn-400-serv
 
 0ctf2017: [source and exploit](https://github.com/lovelydream/0ctf2017_kernel_pwn)
 
+0ctf2018: [writeup 1](http://blog.eadom.net/writeups/0ctf-2018-zerofs-writeup/), [writeup 2](http://ddaa.tw/0ctf_pwnable_478_zer0fs.html)
 
-### Misc
-
-https://github.com/Fuzion24/AndroidKernelExploitationPlayground
-
-https://github.com/ReverseLab/kernel-pwn-challenge
-
-https://github.com/NoviceLive/research-rootkit
-
-https://github.com/djrbliss/libplayground
-
-[pwnable.kr tasks](http://pwnable.kr/play.php) (syscall, rootkit, softmmu, towelroot, kcrc, exynos)
-
-[RPISEC kernel labs](https://github.com/RPISEC/MBE/tree/master/src/lab10) 
 
 ## Tools
 
@@ -477,10 +498,32 @@ http://www.openwall.com/lkrg/
 https://github.com/IAIK/meltdown
 
 
-## Unsorted
+### Misc
+
+https://github.com/Fuzion24/AndroidKernelExploitationPlayground
+
+https://github.com/ReverseLab/kernel-pwn-challenge
+
+https://github.com/NoviceLive/research-rootkit
+
+https://github.com/djrbliss/libplayground
+
+[pwnable.kr tasks](http://pwnable.kr/play.php) (syscall, rootkit, softmmu, towelroot, kcrc, exynos)
+
+[RPISEC kernel labs](https://github.com/RPISEC/MBE/tree/master/src/lab10) 
+
+https://github.com/hackedteam
 
 https://github.com/mncoppola/Linux-Kernel-CTF
 
 https://crowell.github.io/blog/2014/11/24/hosting-a-local-kernel-ctf-challenge/
 
 https://github.com/ukanth/afwall/wiki/Kernel-security
+
+https://github.com/a13xp0p0v/linux-kernel-defence-map
+
+https://github.com/kmcallister/alameda
+
+https://github.com/01org/jit-spray-poc-for-ksp
+
+https://forums.grsecurity.net/viewforum.php?f=7