From 8002d273cdfaae3fbb05a215343547cfd7287a5e Mon Sep 17 00:00:00 2001 From: Andrey Konovalov Date: Tue, 6 Nov 2018 17:31:09 +0100 Subject: Update README.md --- README.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'README.md') diff --git a/README.md b/README.md index 517c9ce..9a2542c 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,8 @@ Pull requests are welcome. ## Exploitation techniques +[2018: "Linux Kernel universal heap spray" by Vitaly Nikolenko](https://cyseclabs.com/blog/linux-kernel-heap-spray) [article] + [2018: "Linux-Kernel-Exploit Stack Smashing"](http://tacxingxing.com/2018/02/15/linux-kernel-exploit-stack-smashing/) [article] [2018, HitB: "Mirror Mirror: Rooting Android 8 with a Kernel Space Mirroring Attack" by Wang Yong](https://conference.hitb.org/hitbsecconf2018ams/materials/D1T2%20-%20Yong%20Wang%20&%20Yang%20Song%20-%20Rooting%20Android%208%20with%20a%20Kernel%20Space%20Mirroring%20Attack.pdf) [slides] @@ -103,6 +105,8 @@ Pull requests are welcome. ### Information leak +[2018: "Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem" by Andrey Konovalov](https://www.openwall.com/lists/oss-security/2018/08/09/6) [announcement, CVE-2017-18344] + [2017: "Linux kernel 2.6.0 to 4.12-rc4 infoleak due to a data race in ALSA timer" by Alexander Potapenko](http://seclists.org/oss-sec/2017/q2/455) [announcement, CVE-2017-1000380] [2017: "The Infoleak that (Mostly) Wasn't" by Brad Spengler](https://grsecurity.net/the_infoleak_that_mostly_wasnt.php) [article, CVE-2017-7616] @@ -118,6 +122,14 @@ Pull requests are welcome. ### LPE +[2018: "CVE-2017-11176: A step-by-step Linux Kernel exploitation](https://blog.lexfo.fr/) [article, CVE-2017-11176] + +[2018: "A cache invalidation bug in Linux memory management" by Jann Horn](https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html) [article, CVE-2018-17182] + +[2018, beVX: "Dissecting a 17-year-old kernel bug" by Vitaly Nikolenko](https://cyseclabs.com/slides/bevx-talk.pdf) [slides, CVE-2018-6554, CVE-2018-6555] + +[2018: "SSD Advisory – IRDA Linux Driver UAF"](https://blogs.securiteam.com/index.php/archives/3759) [article, CVE-2018-6554, CVE-2018-6555] + [2018: "Integer overflow in Linux's create_elf_tables()"](https://www.openwall.com/lists/oss-security/2018/09/25/4) [announcement, CVE-2018-14634] [2018: "MMap Vulnerabilities – Linux Kernel"](https://research.checkpoint.com/mmap-vulnerabilities-linux-kernel/) [article, CVE-2018-8781] @@ -326,6 +338,12 @@ Pull requests are welcome. ## Defensive +[2018: "Overview and Recent Developments: Kernel Self-Protection Project" by Kees Cook](https://outflux.net/slides/2018/lss-eu/kspp.pdf) [slides] + +[2018, beVX: "The Last Man Standing: The Only Practical, Lightweight and Hypervisor-Based Kernel Protector Struggling with the Real World Alone" by Seunghun Han](https://github.com/kkamagui/papers/blob/master/bevx-2018/presentation.pdf) [video] + +[2018, CONFidence: "Linux Kernel Runtime Guard (LKRG) under the hood" by Adam "pi3" Zabrocki](https://www.youtube.com/watch?v=tOiPM692DOM) [video] + [2018: "GuardION: Practical Mitigation of DMA-based Rowhammer Attacks on ARM"](https://vvdveen.com/publications/dimva2018.pdf) [paper] [2018, BlackHat: "kR^X: Comprehensive Kernel Protection Against Just-In-Time Code Reuse"](https://www.youtube.com/watch?v=L-3eCmZ8s3A) [video] @@ -377,6 +395,8 @@ Pull requests are welcome. ## Vulnerability discovery +[2018: "Writing the worlds worst Android fuzzer, and then improving it" by Brandon Falk](https://gamozolabs.github.io/fuzzing/2018/10/18/terrible_android_fuzzer.html) [article] + 2018: "From Thousands of Hours to a Couple of Minutes: Towards Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities" [[slides](http://i.blackhat.com/us-18/Thu-August-9/us-18-Wu-Towards-Automating-Exploit-Generation-For-Arbitrary-Types-of-Kernel-Vulnerabilities.pdf)] [[whitepaper](http://i.blackhat.com/us-18/Thu-August-9/us-18-Wu-Towards-Automating-Exploit-Generation-For-Arbitrary-Types-of-Kernel-Vulnerabilities-wp.pdf)] [2018: "MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation"](http://www.cs.columbia.edu/~suman/docs/moonshine.pdf) [paper] -- cgit v1.3