| -rw-r--r-- | README.md | 22 |
1 files changed, 20 insertions, 2 deletions
| @@ -23,6 +23,8 @@ Pull requests are welcome. | |||
| 23 | 23 | ||
| 24 | [2016, MOSEC 2016: "Talk is cheap, show me the code" by Keen Lab](https://speakerdeck.com/retme7/talk-is-cheap-show-me-the-code) [slides] | 24 | [2016, MOSEC 2016: "Talk is cheap, show me the code" by Keen Lab](https://speakerdeck.com/retme7/talk-is-cheap-show-me-the-code) [slides] |
| 25 | 25 | ||
| 26 | [2015: "Kernel Data Attack is a Realistic Security Threat"](https://www.eecis.udel.edu/~hnw/paper/kerneldata.pdf) [whitepaper] | ||
| 27 | |||
| 26 | [2015: "From Collision To Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel"](https://loccs.sjtu.edu.cn/~romangol/download/papers/gossip_ccs2015.pdf) [whitepaper] | 28 | [2015: "From Collision To Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel"](https://loccs.sjtu.edu.cn/~romangol/download/papers/gossip_ccs2015.pdf) [whitepaper] |
| 27 | 29 | ||
| 28 | [2015: "Linux Kernel Exploitation" by Patrick Biernat](http://security.cs.rpi.edu/courses/binexp-spring2015/lectures/23/13_lecture.pdf) [slides] | 30 | [2015: "Linux Kernel Exploitation" by Patrick Biernat](http://security.cs.rpi.edu/courses/binexp-spring2015/lectures/23/13_lecture.pdf) [slides] |
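Review bot: the new "Kernel Data Attack is a Realistic Security Threat" entry is linked to a personal homepage PDF (`~hnw/paper/kerneldata.pdf`), which tends to move; consider recording the authors or venue in the title field, the way the `[2016, MOSEC 2016: ...]` entry above does, so the reference stays identifiable if that path breaks. The `[year: "title"](url) [whitepaper]` form and the reverse-chronological placement ahead of the other 2015 entries are consistent with the surrounding list.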
| @@ -68,6 +70,8 @@ Pull requests are welcome. | |||
| 68 | 70 | ||
| 69 | ### Information leak | 71 | ### Information leak |
| 70 | 72 | ||
| 73 | [2017: "The Infoleak that (Mostly) Wasn't" by Brad Spengler](https://grsecurity.net/the_infoleak_that_mostly_wasnt.php) [article, CVE-2017-7616] | ||
| 74 | |||
| 71 | [2016: "Exploiting a Linux Kernel Infoleak to bypass Linux kASLR"](https://marcograss.github.io/security/linux/2016/01/24/exploiting-infoleak-linux-kaslr-bypass.html) [article] | 75 | [2016: "Exploiting a Linux Kernel Infoleak to bypass Linux kASLR"](https://marcograss.github.io/security/linux/2016/01/24/exploiting-infoleak-linux-kaslr-bypass.html) [article] |
| 72 | 76 | ||
| 73 | [2010: "Linux Kernel pktcdvd Memory Disclosure" by Jon Oberheide](https://jon.oberheide.org/blog/2010/10/23/linux-kernel-pktcdvd-memory-disclosure/) [article, CVE-2010-3437] | 77 | [2010: "Linux Kernel pktcdvd Memory Disclosure" by Jon Oberheide](https://jon.oberheide.org/blog/2010/10/23/linux-kernel-pktcdvd-memory-disclosure/) [article, CVE-2010-3437] |
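Review bot: placement and tag format match the existing Information leak entries (newest first, `[article, CVE-...]`). Since the post is hosted on grsecurity.net, the `[2017, grsecurity: "The Infoleak that (Mostly) Wasn't" by Brad Spengler]` form would align it with the `[year, venue: ...]` style the list already uses for organisational posts such as `[2016, Project Zero: ...]`; optional.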
| @@ -79,6 +83,12 @@ Pull requests are welcome. | |||
| 79 | 83 | ||
| 80 | ### LPE | 84 | ### LPE |
| 81 | 85 | ||
| 86 | [2017: "Dirty COW and why lying is bad even if you are the Linux kernel"](https://chao-tic.github.io/blog/2017/05/24/dirty-cow) [article, CVE-2016-5195] | ||
| 87 | |||
| 88 | [2017: "NDAY-2017-0103: Arbitrary kernel write in sys_oabi_epoll_wait" by Zuk Avraham](https://blog.zimperium.com/nday-2017-0103-arbitrary-kernel-write-in-sys_oabi_epoll_wait/) [article, CVE-2016-3857] | ||
| 89 | |||
| 90 | [2017: "NDAY-2017-0106: Elevation of Privilege in NVIDIA nvhost-vic driver" by Zuk Avraham](https://blog.zimperium.com/nday-2017-0106-elevation-of-privilege-in-nvidia-nvhost-vic-driver/) [article, CVE-2016-2434] | ||
| 91 | |||
| 82 | [2017: "PWN2OWN 2017 Linux kernel privilege escalation analysis"](https://zhuanlan.zhihu.com/p/26674557) [article, CVE-2017-7184] | 92 | [2017: "PWN2OWN 2017 Linux kernel privilege escalation analysis"](https://zhuanlan.zhihu.com/p/26674557) [article, CVE-2017-7184] |
| 83 | 93 | ||
| 84 | [2017: "Exploiting the Linux kernel via packet sockets" by Andrey Konovalov](https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html) [article, CVE-2017-7308] | 94 | [2017: "Exploiting the Linux kernel via packet sockets" by Andrey Konovalov](https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html) [article, CVE-2017-7308] |
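Review bot: the three additions keep the LPE section's `[article, CVE-...]` tag convention and sit at the head of the 2017 block, but note that the two Zimperium write-ups cover Android device kernels rather than mainline: `sys_oabi_epoll_wait` is an ARM OABI compat syscall and `nvhost-vic` is an NVIDIA Tegra driver, as the titles themselves indicate. If the list marks Android-specific material anywhere, tag these two the same way; otherwise no change needed.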
| @@ -103,9 +113,11 @@ Pull requests are welcome. | |||
| 103 | 113 | ||
| 104 | [2016, Project Zero: "Exploiting Recursion in the Linux Kernel" by Jann Horn](https://googleprojectzero.blogspot.de/2016/06/exploiting-recursion-in-linux-kernel_20.html) [article, CVE-2016-1583] | 114 | [2016, Project Zero: "Exploiting Recursion in the Linux Kernel" by Jann Horn](https://googleprojectzero.blogspot.de/2016/06/exploiting-recursion-in-linux-kernel_20.html) [article, CVE-2016-1583] |
| 105 | 115 | ||
| 106 | [2016: "ANALYSIS AND EXPLOITATION OF A LINUX KERNEL VULNERABILITY (CVE-2016-0728)" By Perception Point Research Team](http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/) [article, CVE-2016-072] | 116 | [2016: "ANALYSIS AND EXPLOITATION OF A LINUX KERNEL VULNERABILITY (CVE-2016-0728)" By Perception Point Research Team](http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/) [article, CVE-2016-0728] |
| 107 | 117 | ||
| 108 | [2016: "CVE20160728 Exploit Code Explained" by Shilong Zhao](http://dreamhack.it/linux/2016/01/25/cve-2016-0728-exploit-code-explained.html) [article, CVE-2016-072] | 118 | [2016: "CVE20160728 Exploit Code Explained" by Shilong Zhao](http://dreamhack.it/linux/2016/01/25/cve-2016-0728-exploit-code-explained.html) [article, CVE-2016-0728] |
| 119 | |||
| 120 | [2016: "CVE-2016-0728 vs Android" by Collin Mulliner](https://www.mulliner.org/blog/blosxom.cgi/security/CVE-2016-0728_vs_android.writeback?advanced_search=1) [article, CVE-2016-0728] | ||
| 109 | 121 | ||
| 110 | [2016: "Notes about CVE-2016-7117" by Lizzie Dixon](https://blog.lizzie.io/notes-about-cve-2016-7117.html) [article, CVE-2016-7117] | 122 | [2016: "Notes about CVE-2016-7117" by Lizzie Dixon](https://blog.lizzie.io/notes-about-cve-2016-7117.html) [article, CVE-2016-7117] |
| 111 | 123 | ||
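Review bot: the `CVE-2016-072` to `CVE-2016-0728` corrections on both existing entries are right (the first entry's own title already carries the full id), and the new Collin Mulliner entry is placed so that all three CVE-2016-0728 write-ups sit together. One nit: the mulliner.org URL ends in `?advanced_search=1`, which looks like residue from the blog's search interface; drop the query string if the page resolves without it.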
| @@ -232,6 +244,8 @@ Pull requests are welcome. | |||
| 232 | 244 | ||
| 233 | ## Defensive | 245 | ## Defensive |
| 234 | 246 | ||
| 247 | [2017: "PT-Rand: Practical Mitigation of Data-only Attacks against Page Tables"](https://www.internetsociety.org/sites/default/files/ndss2017_05B-4_Davi_paper.pdf) [whitepaper] | ||
| 248 | |||
| 235 | [2017: "KASLR is Dead: Long Live KASLR"](https://gruss.cc/files/kaiser.pdf) [whitepaper] | 249 | [2017: "KASLR is Dead: Long Live KASLR"](https://gruss.cc/files/kaiser.pdf) [whitepaper] |
| 236 | 250 | ||
| 237 | [2017: "Honey, I shrunk the attack surface – Adventures in Android security hardening" by Nick Kralevich](https://www.youtube.com/watch?v=ITL6VHOFQj8) [video] | 251 | [2017: "Honey, I shrunk the attack surface – Adventures in Android security hardening" by Nick Kralevich](https://www.youtube.com/watch?v=ITL6VHOFQj8) [video] |
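Review bot: the PT-Rand link's filename (`ndss2017_05B-4_Davi_paper.pdf`) identifies the venue, so the `[2017, NDSS 2017: "PT-Rand: ..."]` form would match how the list records venues elsewhere (e.g. `[2016, MOSEC 2016: ...]`) and spares readers guessing where the paper appeared; otherwise the `[whitepaper]` tag and position at the top of the Defensive section are consistent.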
| @@ -307,6 +321,10 @@ https://github.com/xairy/kernel-exploits | |||
| 307 | 321 | ||
| 308 | https://github.com/ScottyBauer/Android_Kernel_CVE_POCs | 322 | https://github.com/ScottyBauer/Android_Kernel_CVE_POCs |
| 309 | 323 | ||
| 324 | https://github.com/Kabot/Unix-Privilege-Escalation-Exploits-Pack | ||
| 325 | |||
| 326 | https://github.com/SecWiki/linux-kernel-exploits | ||
| 327 | |||
| 310 | 328 | ||
| 311 | ## Practice | 329 | ## Practice |
| 312 | 330 | ||
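Review bot: the added empty line (shown as new line 327) lands directly before the existing empty line that precedes `## Practice`, leaving two consecutive blank lines where the rest of this repository list uses one; drop one of them. Also, `Kabot/Unix-Privilege-Escalation-Exploits-Pack` is by its name a general Unix privilege-escalation collection rather than a Linux-kernel-specific one, so confirm it fits the scope of this section, which the hunk context shows is a list of kernel-exploit repositories.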
