From 6cd42b5226e2ce82cfea933df692e1848263c639 Mon Sep 17 00:00:00 2001 From: Andrey Konovalov Date: Fri, 10 Mar 2017 01:56:15 +0100 Subject: Update README.md --- README.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/README.md b/README.md index 206bd2d..10fe036 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,8 @@ Pull requests are welcome. ## Exploitation techniques +[2017: "Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying"](https://www.internetsociety.org/sites/default/files/ndss2017_09-2_Lu_paper.pdf) [whitepaper] + [2016: "Linux Kernel ROP - Ropping your way to # (Part 1)" by Vitaly Nikolenko](https://www.trustwave.com/Resources/SpiderLabs-Blog/Linux-Kernel-ROP---Ropping-your-way-to---(Part-1)/) [article] [2016: "Linux Kernel ROP - Ropping your way to # (Part 2)" by Vitaly Nikolenko](https://www.trustwave.com/Resources/SpiderLabs-Blog/Linux-Kernel-ROP---Ropping-your-way-to---(Part-2)/) [article] @@ -69,6 +71,18 @@ Pull requests are welcome. ### LPE +[2017: "CVE-2017-2636: local privilege escalation flaw in n_hdlc" by Alexander Popov](http://seclists.org/oss-sec/2017/q1/569) [announcement, CVE-2017-2636] + +[2017: "CVE-2017-6074: DCCP double-free vulnerability (local root)" by Andrey Konovalov](http://seclists.org/oss-sec/2017/q1/471) [announcement, CVE-2017-6074] + +[2016: "CVE-2016-8655 Linux af_packet.c race condition (local root)" by Philip Pettersson](http://seclists.org/oss-sec/2016/q4/607) [announcement, CVE-2016-8655] + +[2016, Black Hat: "Rooting Every Android From Extension To Exploitation" by Di Shen and James Fang](https://speakerdeck.com/retme7/rooting-every-android-from-extension-to-exploitation) [slides, CVE-2015-0570, CVE-2016-0820, CVE-2016-2475, CVE-2016-8453] + +[2016: "Talk is Cheap, Show Me the Code" by James Fang, Di Shen and Wen Niu](https://speakerdeck.com/retme7/talk-is-cheap-show-me-the-code) [slides, CVE-2015-1805] + +[2016: "CVE-2016-3873: Arbitrary Kernel Write in Nexus 9" by Sagi Kedmi](https://sagi.io/2016/09/cve-2016-3873-arbitrary-kernel-write-in-nexus-9/) [article, CVE-2016-3873] + [2016, Project Zero: "Exploiting Recursion in the Linux Kernel" by Jann Horn](https://googleprojectzero.blogspot.de/2016/06/exploiting-recursion-in-linux-kernel_20.html) [article, CVE-2016-1583] [2016: "ANALYSIS AND EXPLOITATION OF A LINUX KERNEL VULNERABILITY (CVE-2016-0728)" By Perception Point Research Team](http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/) [article, CVE-2016-072] @@ -144,6 +158,8 @@ Pull requests are welcome. ### RCE +[2016: "CVE Publication: CVE 2016-8633" by Eyal Itkin](https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/) [article, CVE-2016-8633] + [2011, DEF CON 19: "Owned Over Amateur Radio: Remote Kernel Exploitation in 2011"](http://cs.dartmouth.edu/~sergey/cs258/2012/Dan-Rosenberg-lecture.pdf) [slides, CVE-2011-1493] [2011, DEF CON 19: "Owned Over Amateur Radio: Remote Kernel Exploitation in 2011"](https://www.youtube.com/watch?v=kBjD0HITQZA) [video, CVE-2011-1493] @@ -182,6 +198,8 @@ Pull requests are welcome. ## Defensive +[2016: "Emerging Defense in Android Kernel" by James Fang](http://keenlab.tencent.com/en/2016/06/01/Emerging-Defense-in-Android-Kernel/) [article] + [2016: "Randomizing the Linux kernel heap freelists" by Thomas Garnier](https://medium.com/@mxatone/randomizing-the-linux-kernel-heap-freelists-b899bb99c767#.3csq8t23s) [article] [2015: "Protecting Commodity Operating Systems through Strong Kernel Isolation" by Vasileios Kemerlis](http://www.cs.columbia.edu/~angelos/Papers/theses/vpk_thesis.pdf) [whitepaper] @@ -252,6 +270,8 @@ https://github.com/ScottyBauer/Android_Kernel_CVE_POCs https://github.com/f47h3r/hackingteam_exploits +https://github.com/xairy/kernel-exploits + ## Practice @@ -302,6 +322,8 @@ https://github.com/PenturaLabs/Linux_Exploit_Suggester https://github.com/jondonas/linux-exploit-suggester-2 +https://github.com/mzet-/linux-exploit-suggester + ## Unsorted -- cgit v1.3