From e8fb6a713c3e158b055e26efeb17d0a69be3149f Mon Sep 17 00:00:00 2001 From: Andrey Konovalov Date: Fri, 27 Sep 2019 18:47:44 +0200 Subject: Update README.md --- README.md | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 5e6103e..23467df 100644 --- a/README.md +++ b/README.md @@ -79,6 +79,8 @@ Pull requests are welcome. [2012: "The Linux kernel memory allocators from an exploitation perspective" by Patroklos Argyroudis](https://argp.github.io/2012/01/03/linux-kernel-heap-exploitation/) [article] +[2012: "The Stack is Back" by Jon Oberheide](https://jon.oberheide.org/files/infiltrate12-thestackisback.pdf) [slides] + [2012: "Stackjacking" by Jon Oberheide and Dan Rosenberg](https://www.slideshare.net/scovetta/stackjacking) [slides] [2011: "Stackjacking Your Way to grsec/PaX Bypass" by Jon Oberheide](https://jon.oberheide.org/blog/2011/04/20/stackjacking-your-way-to-grsec-pax-bypass/) [article] @@ -361,6 +363,10 @@ Pull requests are welcome. ## Defensive +[2019: "Touch but don’t look - Running the Kernel in Execute-only memory" by Rick Edgecombe](https://linuxplumbersconf.org/event/4/contributions/283/attachments/357/588/Touch_but_dont_look__Running_the_kernel_in_execute_only_memory-presented.pdf) [slides] + +[2019: "Breaking and Protecting Linux Kernel Stack" by Elena Reshetova](https://www.youtube.com/watch?v=FacpjoQbMhU) [video] + [2019: "Making C Less Dangerous in the Linux Kernel" by Kees Cook](https://outflux.net/slides/2019/lca/danger.pdf) [slides] [2019: "Mitigation for the Kernel Space Mirroring Attack (内核镜像攻击的缓解措施)"](http://c0reteam.org/2019/01/02/ksma) [article] 
@@ -371,7 +377,7 @@ Pull requests are welcome. [2018, beVX: "The Last Man Standing: The Only Practical, Lightweight and Hypervisor-Based Kernel Protector Struggling with the Real World Alone" by Seunghun Han](https://github.com/kkamagui/papers/blob/master/bevx-2018/presentation.pdf) [video] -[2018, CONFidence: "Linux Kernel Runtime Guard (LKRG) under the hood" by Adam "pi3" Zabrocki](https://www.youtube.com/watch?v=tOiPM692DOM) [video] +[2018, CONFidence: "Linux Kernel Runtime Guard (LKRG) under the hood" by Adam "pi3" Zabrocki](https://www.openwall.com/presentations/CONFidence2018-LKRG-Under-The-Hood/CONFidence2018-LKRG-Under-The-Hood.pdf) [slides, [video](https://www.youtube.com/watch?v=tOiPM692DOM)] [2018: "GuardION: Practical Mitigation of DMA-based Rowhammer Attacks on ARM"](https://vvdveen.com/publications/dimva2018.pdf) [paper] @@ -424,6 +430,12 @@ Pull requests are welcome. ## Vulnerability discovery +[2019: "Unicorefuzz: On the Viability of Emulation for Kernelspace Fuzzing"](https://www.usenix.org/system/files/woot19-paper_maier.pdf) [paper] + +[2019: "Case study: Searching for a vulnerability pattern in the Linux kernel" by Alexander Popov](https://a13xp0p0v.github.io/2019/08/10/cfu.html) [article] + +[2019: "Razzer: Finding Kernel Race Bugs through Fuzzing"](https://www.youtube.com/watch?v=9UszCIxc0r0) [video] + [2019: "Fuzzing File Systems via Two-Dimensional Input Space Exploration"](https://taesoo.kim/pubs/2019/xu:janus.pdf) [paper] [2019: "PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary"](https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_04A-1_Song_paper.pdf) [paper] @@ -572,6 +584,10 @@ https://github.com/w0lfzhang/kernel_exploit https://github.com/jinb-park/linux-exploit +https://github.com/bcoles/kernel-exploits + +https://github.com/jollheef/lpe + ## Practice 
@@ -621,6 +637,8 @@ Insomni'hack teaser 2019 (1118daysober): [writeup 1](https://ctftime.org/writeup Security Fest 2019 (brainfuck64): [writeup](https://kileak.github.io/ctf/2019/secfest-brainfuck64/) +TokyoWesterns CTF 2019 (gnote): [writeup](https://rpis.ec/blog/tokyowesterns-2019-gnote/) + ## Tools -- cgit v1.3
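Review bot: the Rick Edgecombe entry added in hunk `@@ -361,6 +363,10 @@` has a curly apostrophe in its title (`Touch but don’t look`) while every other title in the list uses straight ASCII quotes (compare `Insomni'hack` in the Practice section); please change it to `don't` so the entry stays consistent with the file and matches a plain-text grep.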
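Review bot: the `[slides, [video](...)]` form introduced for the LKRG entry in hunk `@@ -371,7 +377,7 @@` exposes a pre-existing tagging error in that hunk's context line: the "The Last Man Standing" entry by Seunghun Han links to `bevx-2018/presentation.pdf` but is tagged `[video]`. While touching this region, retag it `[slides]`, and only add a nested `[video](...)` link if a recording URL is actually known; do not leave a PDF labelled as a video.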
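Review bot: in hunk `@@ -424,6 +430,12 @@` the "Razzer: Finding Kernel Race Bugs through Fuzzing" entry is tagged `[video]` and links only a YouTube recording, whereas the surrounding Vulnerability discovery entries (Unicorefuzz, Janus, PeriScope) link the published PDF and are tagged `[paper]`. If the paper is available, use the same `[paper, [video](...)]` pattern this patch adopts for the LKRG entry so readers can reach the text rather than only the talk.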