From 2851b23d350ffe34d40c2185f012aa1308697301 Mon Sep 17 00:00:00 2001
From: Andrey Konovalov
Date: Wed, 7 Feb 2018 21:03:26 +0100
Subject: Update README.md

---
 README.md | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

(limited to 'README.md')

diff --git a/README.md b/README.md
index 3da9ad1..5580441 100644
--- a/README.md
+++ b/README.md
@@ -14,6 +14,10 @@ Pull requests are welcome.
 
 [2017: "KERNELFAULT: Pwning Linux using Hardware Fault Injection" by Niek Timmers and Cristofaro Mune](https://www.youtube.com/watch?v=nqF_IjXg_uM) [video]
 
+[2017: "Escalating Privileges in Linux using Fault Injection" by Niek Timmers and Cristofaro Mune](https://www.riscure.com/uploads/2017/10/escalating-privileges-in-linux-using-fi-presentation-fdtc-2017.pdf) [slides]
+
+[2017: "Escalating Privileges in Linux using Fault Injection" by Niek Timmers and Cristofaro Mune](https://www.riscure.com/uploads/2017/10/Riscure_Whitepaper_Escalating_Privileges_in_Linux_using_Fault_Injection.pdf) [whitepaper]
+
 [2017: "Kernel Driver mmap Handler Exploitation" by Mateusz Fruba](https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-mmap-exploitation-whitepaper-2017-09-18.pdf) [whitepaper]
 
 [2017: "Linux kernel addr_limit bug / exploitation" by Vitaly Nikolenko](https://www.youtube.com/watch?v=UFakJa3t8Ls) [video]
@@ -24,6 +28,8 @@ Pull requests are welcome.
 
 [2017: "Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying"](https://www.internetsociety.org/sites/default/files/ndss2017_09-2_Lu_paper.pdf) [whitepaper]
 
+[2016: "Getting Physical Extreme abuse of Intel based Paging Systems" by Nicolas Economou and Enrique Nissim](https://www.coresecurity.com/system/files/publications/2016/05/CSW2016%20-%20Getting%20Physical%20-%20Extended%20Version.pdf) [slides]
+
 [2016: "Linux Kernel ROP - Ropping your way to # (Part 1)" by Vitaly Nikolenko](https://www.trustwave.com/Resources/SpiderLabs-Blog/Linux-Kernel-ROP---Ropping-your-way-to---(Part-1)/) [article]
 
 [2016: "Linux Kernel ROP - Ropping your way to # (Part 2)" by Vitaly Nikolenko](https://www.trustwave.com/Resources/SpiderLabs-Blog/Linux-Kernel-ROP---Ropping-your-way-to---(Part-2)/) [article]
@@ -104,6 +110,8 @@ Pull requests are welcome.
 
 [2017: "Exploiting CVE-2017-5123" by Federico Bento](https://reverse.put.as/2017/11/07/exploiting-cve-2017-5123/) [article, CVE-2017-5123]
 
+[2017: "Escaping Docker container using waitid() – CVE-2017-5123" by Daniel Shapira](https://www.twistlock.com/2017/12/27/escaping-docker-container-using-waitid-cve-2017-5123/) [article, CVE-2017-5123]
+
 [2017: "Exploiting on CVE-2016-6787"](https://hardenedlinux.github.io/system-security/2017/10/16/Exploiting-on-CVE-2016-6787.html) [article, CVE-2016-6787]
 
 [2017: "Race For Root: The Analysis Of The Linux Kernel Race Condition Exploit" by Alexander Popov](https://www.youtube.com/watch?v=g7Qm0NpPAz4) [video, CVE-2017-2636]
@@ -202,8 +210,6 @@ Pull requests are welcome.
 
 [2010: "Exploiting large memory management vulnerabilities in Xorg server running on Linux" by Rafal Wojtczuk](http://invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf) [article, CVE-2010-2240]
 
-[2010: "Some Notes on CVE-2010-3081 Exploitability"](https://blog.nelhage.com/2010/11/exploiting-cve-2010-3081/) [article, CVE-2010-3081]
-
 [2010: "CVE-2010-4258: Turning Denial-of-service Into Privilege Escalation" by Nelson Elhage](https://blog.nelhage.com/2010/12/cve-2010-4258-from-dos-to-privesc/) [article, CVE-2010-4258]
 
 [2010: "CVE-2007-4573: The Anatomy of a Kernel Exploit" by Nelson Elhage](https://blog.nelhage.com/2010/02/cve-2007-4573-the-anatomy-of-a-kernel-exploit/) [article, CVE-2007-4573]
@@ -216,6 +222,10 @@ Pull requests are welcome.
 
 [2010: "linux compat vulns (part 2)" by Ben Hawkes](http://inertiawar.com/compat2/) [article, CVE-2010-3301]
 
+[2010: "Some Notes on CVE-2010-3081 Exploitability"](https://blog.nelhage.com/2010/11/exploiting-cve-2010-3081/) [article, CVE-2010-3081]
+
+[2010: "Anatomy of an exploit: CVE-2010-3081"](https://blogs.oracle.com/ksplice/anatomy-of-an-exploit%3a-cve-2010-3081) [article, CVE-2010-3081]
+
 [2010: "CVE-2010-4258: Turning denial-of-service into privilege escalation" by Nelson Elhage](https://blog.nelhage.com/2010/12/cve-2010-4258-from-dos-to-privesc/) [article, CVE-2010-4258]
 
 [2009: "Linux NULL pointer dereference due to incorrect proto_ops initializations (CVE-2009-2692)"](http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html) [article, CVE-2009-2692]
@@ -277,6 +287,8 @@ Pull requests are welcome.
 
 ## Defensive
 
+[2018, Linux Conf AU: "The State of Kernel Self Protection" by Kees Cook](https://outflux.net/slides/2018/lca/kspp.pdf) [slides]
+
 [2017: "Towards Linux Kernel Memory Safety"](https://arxiv.org/pdf/1710.06175.pdf) [whitepaper]
 
 [2017: "Proposal of a Method to Prevent Privilege Escalation Attacks for Linux Kernel"](https://events.linuxfoundation.org/sites/events/files/slides/nakamura_20170831_1.pdf) [slides]
@@ -297,6 +309,8 @@ Pull requests are welcome.
 
 [2015: "Protecting Commodity Operating Systems through Strong Kernel Isolation" by Vasileios Kemerlis](http://www.cs.columbia.edu/~angelos/Papers/theses/vpk_thesis.pdf) [whitepaper]
 
+[2014: "Kernel Self-Protection through Quantified Attack Surface Reduction" by Anil Kurmus](https://publikationsserver.tu-braunschweig.de/servlets/MCRFileNodeServlet/digibib_derivate_00036154/Diss_Kurmus_Anil.pdf) [whitepaper]
+
 [2013: "KASLR: An Exercise in Cargo Cult Security" by Brad Spengler](https://forums.grsecurity.net/viewtopic.php?f=7&t=3367) [article]
 
 [2012: "How do I mitigate against NULL pointer dereference vulnerabilities?" by RedHat](https://access.redhat.com/articles/20484) [article]
@@ -306,6 +320,8 @@ Pull requests are welcome.
 
 ## Fuzzing & detectors
 
+[2017: "The android vulnerability discovery in SoC" by Yu Pan and Yang Dai](http://powerofcommunity.net/poc2017/yu.pdf) [slides]
+
 [2017, Black Hat USA: "Evolutionary Kernel Fuzzing" by Richard Johnson](https://moflow.org/Presentations/Evolutionary%20Kernel%20Fuzzing-BH2017-rjohnson-FINAL.pdf) [slides]
 
 [2017: "DIFUZE: Interface Aware Fuzzing for Kernel Drivers"](https://www.blackhat.com/docs/eu-17/materials/eu-17-Corina-Difuzzing-Android-Kernel-Drivers-wp.pdf) [whitepaper]
@@ -394,6 +410,10 @@ http://seclists.org/fulldisclosure/2010/Sep/268
 
 https://github.com/hardenedlinux/offensive_poc
 
+https://github.com/jiayy/android_vuln_poc-exp
+
+https://github.com/brl/grlh
+
 
 ## Practice
 
@@ -452,6 +472,8 @@ https://github.com/spencerdodd/kernelpop
 
 https://github.com/vnik5287/kaslr_tsx_bypass
 
+http://www.openwall.com/lkrg/
+
 
 ## Unsorted
 
-- 
cgit v1.3