From 53ed07b2ad02ec22401d9a956a7a721253384429 Mon Sep 17 00:00:00 2001
From: Andrey Konovalov
Date: Sun, 17 Dec 2017 23:43:07 +0100
Subject: Update README.md

---
 README.md | 34 +++++++++++++++++++++++++++++++---
 1 file changed, 31 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index cc59975..4d987f4 100644
--- a/README.md
+++ b/README.md
@@ -12,6 +12,8 @@ Pull requests are welcome.
 
 ## Exploitation techniques
 
+[2017: "KERNELFAULT: Pwning Linux using Hardware Fault Injection" by Niek Timmers and Cristofaro Mune](https://www.youtube.com/watch?v=nqF_IjXg_uM) [video]
+
 [2017: "Kernel Driver mmap Handler Exploitation" by Mateusz Fruba](https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-mmap-exploitation-whitepaper-2017-09-18.pdf) [whitepaper]
 
 [2017: "Linux kernel addr_limit bug / exploitation" by Vitaly Nikolenko](https://www.youtube.com/watch?v=UFakJa3t8Ls) [video]
@@ -96,6 +98,12 @@ Pull requests are welcome.
 
 ### LPE
 
+[2017: "The Art of Exploiting Unconventional Use-after-free Bugs in Android Kernel" by Di Shen](https://speakerdeck.com/retme7/the-art-of-exploiting-unconventional-use-after-free-bugs-in-android-kernel) [slides, CVE-2017-0403, CVE-2016-6787]
+
+[2017: "Exploiting CVE-2017-5123 with full protections. SMEP, SMAP, and the Chrome Sandbox!" by Chris Salls](https://salls.github.io/Linux-Kernel-CVE-2017-5123/) [article, CVE-2017-5123]
+
+[2017: "Exploiting CVE-2017-5123" by Federico Bento](https://reverse.put.as/2017/11/07/exploiting-cve-2017-5123/) [article, CVE-2017-5123]
+
 [2017: "Exploiting on CVE-2016-6787"](https://hardenedlinux.github.io/system-security/2017/10/16/Exploiting-on-CVE-2016-6787.html) [article, CVE-2016-6787]
 
 [2017: "Race For Root: The Analysis Of The Linux Kernel Race Condition Exploit" by Alexander Popov](https://www.youtube.com/watch?v=g7Qm0NpPAz4) [video, CVE-2017-2636]
@@ -269,6 +277,8 @@ Pull requests are welcome.
 
 ## Defensive
 
+[2017: "Towards Linux Kernel Memory Safety"](https://arxiv.org/pdf/1710.06175.pdf) [whitepaper]
+
 [2017: "Proposal of a Method to Prevent Privilege Escalation Attacks for Linux Kernel"](https://events.linuxfoundation.org/sites/events/files/slides/nakamura_20170831_1.pdf) [slides]
 
 [2017: "Linux Kernel Self Protection Project" by Kees Cook](https://outflux.net/slides/2017/lss/kspp.pdf) [slides]
@@ -296,6 +306,14 @@ Pull requests are welcome.
 
 ## Fuzzing & detectors
 
+[2017, Black Hat USA: "Evolutionary Kernel Fuzzing" by Richard Johnson](https://moflow.org/Presentations/Evolutionary%20Kernel%20Fuzzing-BH2017-rjohnson-FINAL.pdf) [slides]
+
+[2017: "DIFUZE: Interface Aware Fuzzing for Kernel Drivers"](https://www.blackhat.com/docs/eu-17/materials/eu-17-Corina-Difuzzing-Android-Kernel-Drivers-wp.pdf) [whitepaper]
+
+[2017: "DIFUZE: Interface Aware Fuzzing for Kernel Drivers"](https://www.blackhat.com/docs/eu-17/materials/eu-17-Corina-Difuzzing-Android-Kernel-Drivers.pdf) [slides]
+
+[2017, CCS: "SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits"](https://acmccs.github.io/papers/p2139-youA.pdf) [whitepaper]
+
 [2017, USENIX: "kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels"](https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-schumilo.pdf) [whitepaper]
 
 [2017, USENIX: "How Double-Fetch Situations turn into DoubleFetch Vulnerabilities: A Study of Double Fetches in the Linux Kernel"](https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-wang.pdf) [whitepaper]
@@ -316,16 +334,16 @@ Pull requests are welcome.
 
 [2015, Black Hat: "Don't Trust Your USB! How to Find Bugs in USB Device Drivers" by Sergej Schumilo, Ralf Spenneberg, and Hendrik Schwartke](https://www.youtube.com/watch?v=OAbzN8k6Am4) [video]
 
+[2012: "Comprehensive Kernel Instrumentation via Dynamic Binary Translation"](http://www.cs.toronto.edu/~peter/feiner_asplos_2012.pdf) [whitepaper]
+
 [2010: "Automatic Bug-finding Techniques for Linux Kernel" by Jiri Slaby](https://www.fi.muni.cz/~xslaby/sklad/teze.pdf) [whitepaper]
 
 
 ## Fuzzers
 
-https://github.com/kernelslacker/trinity
-
 https://github.com/google/syzkaller
 
-https://github.com/schumilo/vUSBf
+https://github.com/kernelslacker/trinity
 
 http://web.eece.maine.edu/~vweaver/projects/perf_events/fuzzer/
 
@@ -335,6 +353,10 @@ https://github.com/oracle/kernel-fuzzing
 
 https://github.com/rgbkrk/iknowthis
 
+https://github.com/schumilo/vUSBf
+
+https://github.com/ucsb-seclab/difuze
+
 
 ## Exploits
 
@@ -370,6 +392,8 @@ https://github.com/nongiach/CVE/tree/master/CVE-2017-5123
 
 http://seclists.org/fulldisclosure/2010/Sep/268
 
+https://github.com/hardenedlinux/offensive_poc
+
 
 ## Practice
 
@@ -424,6 +448,10 @@ https://github.com/jondonas/linux-exploit-suggester-2
 
 https://github.com/mzet-/linux-exploit-suggester
 
+https://github.com/spencerdodd/kernelpop
+
+https://github.com/vnik5287/kaslr_tsx_bypass
+
 
 ## Unsorted
 
-- 
cgit v1.3