From b87a23935095300652f735bc5d7ceb9c7f9b03d1 Mon Sep 17 00:00:00 2001
From: Andrey Konovalov
Date: Thu, 23 Mar 2017 20:05:02 +0100
Subject: Update README.md

---
 README.md | 30 ++++++++++++++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 10fe036..d6e9764 100644
--- a/README.md
+++ b/README.md
@@ -7,6 +7,8 @@ Pull requests are welcome.
 
 ## Exploitation techniques
 
+[2017: "New Reliable Android Kernel Root Exploitation Techniques"](http://powerofcommunity.net/poc2016/x82.pdf) [slides]
+
 [2017: "Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying"](https://www.internetsociety.org/sites/default/files/ndss2017_09-2_Lu_paper.pdf) [whitepaper]
 
 [2016: "Linux Kernel ROP - Ropping your way to # (Part 1)" by Vitaly Nikolenko](https://www.trustwave.com/Resources/SpiderLabs-Blog/Linux-Kernel-ROP---Ropping-your-way-to---(Part-1)/) [article]
@@ -39,6 +41,8 @@ Pull requests are welcome.
 
 [2012: "A Guide to Kernel Exploitation: Attacking the Core" by Enrico Perla and Massimiliano Oldani](https://www.pdf-archive.com/2011/02/24/a-guide-to-kernel-exploitation/a-guide-to-kernel-exploitation.pdf) [book]
 
+[2012: "The Linux kernel memory allocators from an exploitation perspective" by Patroklos Argyroudis](https://argp.github.io/2012/01/03/linux-kernel-heap-exploitation/) [article]
+
 [2011: "Stackjacking Your Way to grsec/PaX Bypass" by Jon Oberheide](https://jon.oberheide.org/blog/2011/04/20/stackjacking-your-way-to-grsec-pax-bypass/) [article]
 
 [2010: "Much ado about NULL: Exploiting a kernel NULL dereference"](https://blogs.oracle.com/ksplice/entry/much_ado_about_null_exploiting1) [article]
@@ -53,8 +57,12 @@ Pull requests are welcome.
 
 [2007, Phrack: "Attacking the Core : Kernel Exploiting Notes"](http://phrack.org/archives/issues/64/6.txt) [article]
 
+[2007: "The story of exploiting kmalloc() overflows"](http://www.ouah.org/kmallocstory.html) [article]
+
 [2005, CancSecWest: "Large memory management vulnerabilities" by Gael Delalleau](https://cansecwest.com/core05/memory_vulns_delalleau.pdf) [slides]
 
+[2005: "The story of exploiting kmalloc() overflows"](https://argp.github.io/public/kmalloc_exploitation.pdf) [article]
+
 
 ## Writeups
 
@@ -87,6 +95,8 @@ Pull requests are welcome.
 
 [2016: "ANALYSIS AND EXPLOITATION OF A LINUX KERNEL VULNERABILITY (CVE-2016-0728)" By Perception Point Research Team](http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/) [article, CVE-2016-072]
 
+[2016: "CVE20160728 Exploit Code Explained" by Shilong Zhao](http://dreamhack.it/linux/2016/01/25/cve-2016-0728-exploit-code-explained.html) [article, CVE-2016-072]
+
 [2016: "Notes about CVE-2016-7117" by Lizzie Dixon](https://blog.lizzie.io/notes-about-cve-2016-7117.html) [article, CVE-2016-7117]
 
 [2016: "CVE-2016-2384: exploiting a double-free in the usb-midi linux kernel driver" by Andrey Konovalov](https://xairy.github.io/blog/2016/cve-2016-2384) [article, CVE-2016-2384]
@@ -111,6 +121,8 @@ Pull requests are welcome.
 
 [2015, Black Hat: "Ah! Universal Android Rooting Is Back" by Wen Xu](https://www.youtube.com/watch?v=HVP1c7Ct1nM) [video, CVE-2015-3636]
 
+[2015: "When is something overflowing" by Keen Team](https://www.slideshare.net/PeterHlavaty/overflow-48573748) [slides]
+
 [2015, Project Zero: "Exploiting the DRAM rowhammer bug to gain kernel privileges" by Mark Seaborn and Thomas Dullien](https://googleprojectzero.blogspot.de/2015/03/exploiting-dram-rowhammer-bug-to-gain.html) [article, rowhammer]
 
 [2014: "Exploiting CVE-2014-0196 a walk-through of the Linux pty race condition PoC" by Samuel Gross](http://blog.includesecurity.com/2014/06/exploit-walkthrough-cve-2014-0196-pty-kernel-race-condition.html) [article, CVE-2014-0196]
@@ -125,6 +137,8 @@ Pull requests are welcome.
 
 [2014: "Exploiting the Futex Bug and uncovering Towelroot"](http://tinyhack.com/2014/07/07/exploiting-the-futex-bug-and-uncovering-towelroot/) [article, CVE-2014-3153]
 
+[2014: "CVE-2014-3153 Exploit" by Joel Eriksson](http://www.clevcode.org/cve-2014-3153-exploit/) [article, CVE-2014-3153]
+
 [2013: "Privilege Escalation Kernel Exploit" by Julius Plenz](https://blog.plenz.com/2013-02/privilege-escalation-kernel-exploit.html) [article, CVE-2013-1763]
 
 [2013: "A closer look at a recent privilege escalation bug in Linux (CVE-2013-2094)" by Joe Damato](http://timetobleed.com/a-closer-look-at-a-recent-privilege-escalation-bug-in-linux-cve-2013-2094/) [article, CVE-2013-2094]
@@ -153,6 +167,10 @@ Pull requests are welcome.
 
 [2009: "Even when one byte matters"](https://kernelbof.blogspot.de/2009/07/even-when-one-byte-matters.html) [article, CVE-2009-1046]
 
+[2009: "CVE-2008-0009/CVE-2008-0010: Linux kernel vmsplice(2) Privilege Escalation"](https://xorl.wordpress.com/2009/08/10/cve-2008-0600cve-2008-0010-linux-kernel-vmsplice2-privilege-escalation/) [article, CVE-2008-0009, CVE-2008-0010]
+
+[2008: "vmsplice(): the making of a local root exploit" by Jonathan Corbet](https://lwn.net/Articles/268783/) [article, CVE-2008-0600]
+
 [2004: "Linux kernel do_mremap VMA limit local privilege escalation vulnerability"](http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt) [article, CVE-2004-0077]
 
 
@@ -169,6 +187,8 @@ Pull requests are welcome.
 
 ## Protection bypass techniques
 
+[2016: "Linux Kernel x86-64 bypass SMEP - KASLR - kptr_restric"](http://blackbunny.io/linux-kernel-x86-64-bypass-smep-kaslr-kptr_restric/) [article]
+
 [2016, KIWICON: "Practical SMEP bypass techniques on Linux" by Vitaly Nikolenko](https://cyseclabs.com/slides/smep_bypass.pdf) [slides]
 
 [2016: "Micro architecture attacks on KASLR" by Anders Fogh"](https://cyber.wtf/2016/10/25/micro-architecture-attacks-on-kasrl/) [article]
@@ -258,20 +278,24 @@ https://github.com/rgbkrk/iknowthis
 
 https://www.exploit-db.com/search/?action=search&description=linux+kernel
 
-https://bugs.chromium.org/p/project-zero/issues/list?can=1&q=linux+kernel&colspec=ID+Type+Status+Priority+Milestone+Owner+Summary&cells=ids
+https://github.com/offensive-security/exploit-database/tree/master/platforms/linux/local
 
-https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs
+https://bugs.chromium.org/p/project-zero/issues/list?can=1&q=linux+kernel&colspec=ID+Type+Status+Priority+Milestone+Owner+Summary&cells=ids
 
 http://vulnfactory.org/exploits/
 
 https://www.kernel-exploits.com/
 
+https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs
+
 https://github.com/ScottyBauer/Android_Kernel_CVE_POCs
 
 https://github.com/f47h3r/hackingteam_exploits
 
 https://github.com/xairy/kernel-exploits
 
+https://github.com/ScottyBauer/Android_Kernel_CVE_POCs
+
 
 ## Practice
 
@@ -295,6 +319,8 @@ PlaidCTF 2013 (Servr): [writeup](http://blog.frizn.fr/plaidctf-2013/pwn-400-serv
 
 0ctf2016: [writeup](http://dragonsector.pl/docs/0ctf2016_writeups.pdf), [exploit](https://gist.github.com/anonymous/83f96600c5ae851940d6)
 
+0ctf2017: [source and exploit](https://github.com/lovelydream/0ctf2017_kernel_pwn)
+
 
 ### Misc
 
-- 
cgit v1.3