summaryrefslogtreecommitdiff
path: root/README.md
diff options
context:
space:
mode:
Diffstat (limited to 'README.md')
-rw-r--r--README.md30
1 files changed, 30 insertions, 0 deletions
diff --git a/README.md b/README.md
index a9da759..a6f5cce 100644
--- a/README.md
+++ b/README.md
@@ -9,6 +9,8 @@ Pull requests are welcome.
9 9
10## Exploitation techniques 10## Exploitation techniques
11 11
12[2019: "Kepler: Facilitating Control-flow Hijacking Primitive Evaluation for Linux Kernel Vulnerabilities"](https://www.usenix.org/sites/default/files/conference/protected-files/sec19_slides_wu-wei.pdf) [slides] [[video](https://www.youtube.com/watch?v=4b_GbFs5XZI)] [[paper](https://www.usenix.org/system/files/sec19-wu-wei.pdf)]
13
12[2019: "Leak kernel pointer by exploiting uninitialized uses in Linux kernel" by Jinbum Park](https://jinb-park.github.io/leak-kptr.html) [slides] 14[2019: "Leak kernel pointer by exploiting uninitialized uses in Linux kernel" by Jinbum Park](https://jinb-park.github.io/leak-kptr.html) [slides]
13 15
14[2018: "Linux Kernel universal heap spray" by Vitaly Nikolenko](https://cyseclabs.com/blog/linux-kernel-heap-spray) [article] 16[2018: "Linux Kernel universal heap spray" by Vitaly Nikolenko](https://cyseclabs.com/blog/linux-kernel-heap-spray) [article]
@@ -133,6 +135,10 @@ Pull requests are welcome.
133 135
134### LPE 136### LPE
135 137
138[2019: "Tailoring CVE-2019-2215 to Achieve Root" by Grant Hernandez](https://hernan.de/blog/2019/10/15/tailoring-cve-2019-2215-to-achieve-root/) [article, CVE-2019-2215]
139
140[2019: "Android: Use-After-Free in Binder driver"](https://bugs.chromium.org/p/project-zero/issues/detail?id=1942) [announcement, CVE 2019-2215]
141
136[2019: "From Zero to Root: Building Universal Android Rooting with a Type Confusion Vulnerability" by Wang Yong](https://github.com/ThomasKing2014/slides/blob/master/Building%20universal%20Android%20rooting%20with%20a%20type%20confusion%20vulnerability.pdf) [slides, CVE-2018-9568] 142[2019: "From Zero to Root: Building Universal Android Rooting with a Type Confusion Vulnerability" by Wang Yong](https://github.com/ThomasKing2014/slides/blob/master/Building%20universal%20Android%20rooting%20with%20a%20type%20confusion%20vulnerability.pdf) [slides, CVE-2018-9568]
137 143
138[2019: "Android Binder: The Bridge To Root" by Hongli Han and Mingjian Zhou](https://conference.hitb.org/hitbsecconf2019ams/materials/D2T2%20-%20Binder%20-%20The%20Bridge%20to%20Root%20-%20Hongli%20Han%20&%20Mingjian%20Zhou.pdf) [slides, CVE-2019-2025] 144[2019: "Android Binder: The Bridge To Root" by Hongli Han and Mingjian Zhou](https://conference.hitb.org/hitbsecconf2019ams/materials/D2T2%20-%20Binder%20-%20The%20Bridge%20to%20Root%20-%20Hongli%20Han%20&%20Mingjian%20Zhou.pdf) [slides, CVE-2019-2025]
@@ -363,6 +369,10 @@ Pull requests are welcome.
363 369
364## Defensive 370## Defensive
365 371
372[2019: "security things in Linux vX.X" by Kees Cook](https://outflux.net/blog/archives/2019/07/17/security-things-in-linux-v5-2/) [articles]
373
374[2019: "Control-Flow Integrity for the Linux kernel: A Security Evaluation" by Federico Manuel Bento](http://www.alunos.dcc.fc.up.pt/~up201407890/Thesis.pdf) [thesis]
375
366[2019: "Kernel Self-Protection Project" by Kees Cook](https://outflux.net/slides/2019/lss/kspp.pdf) [slides] 376[2019: "Kernel Self-Protection Project" by Kees Cook](https://outflux.net/slides/2019/lss/kspp.pdf) [slides]
367 377
368[2019: "Touch but don’t look - Running the Kernel in Execute-only memory" by Rick Edgecombe](https://linuxplumbersconf.org/event/4/contributions/283/attachments/357/588/Touch_but_dont_look__Running_the_kernel_in_execute_only_memory-presented.pdf) [slides] 378[2019: "Touch but don’t look - Running the Kernel in Execute-only memory" by Rick Edgecombe](https://linuxplumbersconf.org/event/4/contributions/283/attachments/357/588/Touch_but_dont_look__Running_the_kernel_in_execute_only_memory-presented.pdf) [slides]
@@ -434,6 +444,8 @@ Pull requests are welcome.
434 444
435## Vulnerability discovery 445## Vulnerability discovery
436 446
447[2019: "Effective Static Analysis of Concurrency Use-After-Free Bugs in Linux Device Drivers"](https://hal.inria.fr/hal-02182516/document) [paper]
448
437[2019: "A gentle introduction to Linux Kernel fuzzing" by 449[2019: "A gentle introduction to Linux Kernel fuzzing" by
438Marek Majkowski](https://blog.cloudflare.com/a-gentle-introduction-to-linux-kernel-fuzzing/) [article] 450Marek Majkowski](https://blog.cloudflare.com/a-gentle-introduction-to-linux-kernel-fuzzing/) [article]
439 451
@@ -453,6 +465,8 @@ Marek Majkowski](https://blog.cloudflare.com/a-gentle-introduction-to-linux-kern
453 465
454[2018: "RAZZER: Finding Kernel Race Bugs through Fuzzing"](https://lifeasageek.github.io/papers/jeong:razzer.pdf) [paper] 466[2018: "RAZZER: Finding Kernel Race Bugs through Fuzzing"](https://lifeasageek.github.io/papers/jeong:razzer.pdf) [paper]
455 467
468[2018: "FastSyzkaller: Improving Fuzz Efficiency for Linux Kernel Fuzzing"](https://iopscience.iop.org/article/10.1088/1742-6596/1176/2/022013/pdf) [paper]
469
456[2018: "Writing the worlds worst Android fuzzer, and then improving it" by Brandon Falk](https://gamozolabs.github.io/fuzzing/2018/10/18/terrible_android_fuzzer.html) [article] 470[2018: "Writing the worlds worst Android fuzzer, and then improving it" by Brandon Falk](https://gamozolabs.github.io/fuzzing/2018/10/18/terrible_android_fuzzer.html) [article]
457 471
4582018: "From Thousands of Hours to a Couple of Minutes: Towards Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities" [[slides](http://i.blackhat.com/us-18/Thu-August-9/us-18-Wu-Towards-Automating-Exploit-Generation-For-Arbitrary-Types-of-Kernel-Vulnerabilities.pdf)] [[whitepaper](http://i.blackhat.com/us-18/Thu-August-9/us-18-Wu-Towards-Automating-Exploit-Generation-For-Arbitrary-Types-of-Kernel-Vulnerabilities-wp.pdf)] 4722018: "From Thousands of Hours to a Couple of Minutes: Towards Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities" [[slides](http://i.blackhat.com/us-18/Thu-August-9/us-18-Wu-Towards-Automating-Exploit-Generation-For-Arbitrary-Types-of-Kernel-Vulnerabilities.pdf)] [[whitepaper](http://i.blackhat.com/us-18/Thu-August-9/us-18-Wu-Towards-Automating-Exploit-Generation-For-Arbitrary-Types-of-Kernel-Vulnerabilities-wp.pdf)]
@@ -599,6 +613,10 @@ https://github.com/jollheef/lpe
599 613
600https://github.com/tangsilian/android-vuln 614https://github.com/tangsilian/android-vuln
601 615
616https://github.com/grant-h/qu1ckr00t
617
618https://github.com/kangtastic/cve-2019-2215
619
602 620
603## Practice 621## Practice
604 622
@@ -652,6 +670,12 @@ Security Fest 2019 (brainfuck64): [writeup](https://kileak.github.io/ctf/2019/se
652 670
653TokyoWesterns CTF 2019 (gnote): [writeup](https://rpis.ec/blog/tokyowesterns-2019-gnote/) 671TokyoWesterns CTF 2019 (gnote): [writeup](https://rpis.ec/blog/tokyowesterns-2019-gnote/)
654 672
673Balsn CTF 2019 (KrazyNote): [exploit](https://github.com/Mem2019/Mem2019.github.io/blob/master/codes/krazynote.c)
674
675HITCON CTF Quals 2019 (PoE): [source and exploit](https://github.com/david942j/ctf-writeups/tree/master/hitcon-quals-2019/PoE)
676
677r2con CTF 2019: [source, exploit and writeup](https://github.com/esanfelix/r2con2019-ctf-kernel)
678
655 679
656## Tools 680## Tools
657 681
@@ -683,6 +707,12 @@ https://github.com/PaoloMonti42/salt
683 707
684https://github.com/jollheef/out-of-tree 708https://github.com/jollheef/out-of-tree
685 709
710https://github.com/nforest/droidimg
711
712https://github.com/elfmaster/kdress
713
714https://github.com/mephi42/ida-kallsyms/
715
686 716
687### Misc 717### Misc
688 718