From fc90834aa5deaf3c98c04b73443f3e9f1dfea9aa Mon Sep 17 00:00:00 2001 From: Andrey Konovalov Date: Wed, 23 Dec 2020 18:32:01 +0100 Subject: November/December updates --- README.md | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) (limited to 'README.md') diff --git a/README.md b/README.md index 7548626..dc5d416 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,10 @@ Pull requests are welcome. ## Exploitation Techniques +[2020: "Locating the kernel PGD on Android/aarch64" by Vitaly Nikolenko](https://duasynt.com/blog/android-pgd-page-tables) [article] + +[2020: "A Systematic Study of Elastic Objects in Kernel Exploitation"](https://zplin.me/papers/ELOISE.pdf) [paper] [[video](https://www.youtube.com/watch?v=yXhH0IJAxkE)] + [2020: "Exploiting Uses of Uninitialized Stack Variables in Linux Kernels to Leak Kernel Pointers"](https://www.usenix.org/system/files/woot20-paper1-slides-cho.pdf) [slides] [[paper](https://www.usenix.org/system/files/woot20-paper-cho.pdf)] [[video](https://www.youtube.com/watch?v=uI377m9S0qs)] [2020: "BlindSide: Speculative Probing: Hacking Blind in the Spectre Era"](https://www.vusec.net/projects/blindside/) [paper] @@ -139,6 +143,8 @@ Pull requests are welcome. ### Information Leaks +[2020: "PLATYPUS: Software-based Power Side-Channel Attacks on x86"](https://platypusattack.com/platypus.pdf) [paper] + [2019: "CVE-2018-3639 / CVE-2019-7308 - Analysis of Spectre Attacking Linux Kernel ebpf"](https://xz.aliyun.com/t/4230) [article, CVE-2018-3639, CVE-2019-7308] [2019: "From IP ID to Device ID and KASLR Bypass (Extended Version)"](https://arxiv.org/pdf/1906.10478.pdf) [paper] 
@@ -164,6 +170,16 @@ Pull requests are welcome. ### LPE +[2020: "An iOS hacker tries Android" by Brandon Azad](https://googleprojectzero.blogspot.com/2020/12/an-ios-hacker-tries-android.html) [article, CVE-2020-28343, SVE-2020-18610] + +[2020: "Exploiting a Single Instruction Race Condition in Binder"](https://blog.longterm.io/cve-2020-0423.html) [article, CVE-2020-0423] + +[2020: "Three Dark clouds over the Android kernel" by Jun Yao](https://github.com/2freeman/Slides/blob/main/PoC-2020-Three%20Dark%20clouds%20over%20the%20Android%20kernel.pdf) [slides, CVE-2020-3680] + +[2020: "Kernel Exploitation With A File System Fuzzer"](https://cyberweek.ae/materials/2020/D1T2%20-%20Kernel%20Exploitation%20with%20a%20File%20System%20Fuzzer.pdf) [slides, CVE-2019-19377] [[video](https://www.youtube.com/watch?v=95f1b4FcrQ4)] + +[2020: "Finding and exploiting a bug (LPE) in an old Android phone" by Brandon Falk] [stream] [part 2](https://www.youtube.com/watch?v=qnyFk-f3Koo) [summary](https://www.youtube.com/watch?v=t-t7D0vQNmo) + [2020: "CVE-2020-14386: Privilege Escalation Vulnerability in the Linux kernel" by Or Cohen](https://unit42.paloaltonetworks.com/cve-2020-14386/) [article, CVE-2020-14386] [2020: "Attacking the Qualcomm Adreno GPU" by Ben Hawkes](https://googleprojectzero.blogspot.com/2020/09/attacking-qualcomm-adreno-gpu.html) [article, CVE-2020-11179] @@ -390,6 +406,8 @@ Pull requests are welcome. ### Other +[2020: "CVE-2020-16119"](https://github.com/HadarManor/Public-Vulnerabilities/blob/master/CVE-2020-16119/CVE-2020-16119.md) [article, CVE-2020-16119] + [2020: "The short story of 1 Linux Kernel Use-After-Free bug and 2 CVEs (CVE-2020-14356 and CVE-2020-25220)" by Adam Zabrocki](http://blog.pi3.com.pl/?p=720) [article, CVE-2020-14356, CVE-2020-25220] [2020: "Curiosity around 'exec_id' and some problems associated with it" by Adam Zabrocki](https://www.openwall.com/lists/kernel-hardening/2020/03/25/1) [article] 
@@ -460,6 +478,10 @@ Pull requests are welcome. ## Defensive +[2020: "Kernel Integrity Enforcement with HLAT In a Virtual Machine" by Chao Gao](https://static.sched.com/hosted_files/osseu2020/ce/LSSEU20_kernel%20integrity%20enforcement%20with%20HLAT%20in%20a%20virtual%20machine_v3.pdf) [slides] [[video](https://www.youtube.com/watch?v=N8avvE_neV0)] + +[2020: "Linux kernel heap quarantine versus use-after-free exploits" by Alexander Popov](https://a13xp0p0v.github.io/2020/11/30/slab-quarantine.html) [article] + [2020: "State of Linux kernel security" by Dmitry Vyukov](https://github.com/ossf/wg-securing-critical-projects/blob/main/presentations/The_state_of_the_Linux_kernel_security.pdf) [slides] [[video](https://www.youtube.com/watch?v=PGwFyzh2KTA&t=1233)] [2020: "LKRG IN A NUTSHELL" by Adam Zabrocki at OSTconf](https://www.openwall.com/presentations/OSTconf2020-LKRG-In-A-Nutshell/OSTconf2020-LKRG-In-A-Nutshell.pdf) [slides] @@ -553,6 +575,8 @@ Pull requests are welcome. ## Vulnerability Discovery +[2020: "Fuzzing for eBPF JIT bugs in the Linux kernel" by Simon Scannell](https://scannell.me/fuzzing-for-ebpf-jit-bugs-in-the-linux-kernel/) [article] + [2020: "Specification and verification in the field: Applying formal methods to BPF just-in-time compilers in the Linux kernel"](https://unsat.cs.washington.edu/papers/nelson-jitterbug.pdf) [paper] [2020: "Fuzzing the Linux kernel (x86) entry code, Part 1 of 3" by Vegard Nossum](https://blogs.oracle.com/linux/fuzzing-the-linux-kernel-x86-entry-code%2c-part-1-of-3) [article] @@ -690,6 +714,10 @@ https://github.com/fgsect/unicorefuzz https://github.com/shankarapailoor/moonshine [corpus-generation] +https://github.com/SunHao-0/healer + +https://github.com/atrosinenko/kbdysch + ## Exploits @@ -769,6 +797,8 @@ https://github.com/chompie1337/s8_2019_2215_poc/ https://github.com/c3r34lk1ll3r/CVE-2017-5123 +https://haxx.in/blasty-vs-ebpf.c + ## Tools 
@@ -810,9 +840,17 @@ https://github.com/IntelLabs/kAFL/ https://github.com/securesystemslab/agamotto +https://github.com/duasynt/gdb_scripts/ + ## CTF Tasks +BSidesTLV CTF 2020 (Kapara): [writeup and exploit](https://jctf.team/BSidesTLV-2020/Kapara/), [video writeup](https://media.handmade-seattle.com/linux-kernel-adventures/) + +HITCON CTF 2020 (spark): [source and exploit #1](https://github.com/david942j/ctf-writeups/tree/master/hitcon-2020/spark), [writeup and exploit #2](https://github.com/BrieflyX/ctf-pwns/tree/master/kernel/spark), [exploit #3](https://gist.github.com/sampritipanda/9fb8f1f92aef6591246e74ed5847c910) + +HITCON CTF 2020 (atoms): [source and exploit](https://github.com/david942j/ctf-writeups/tree/master/hitcon-2020/atoms) + N1 CTF 2020 (W2L): [writeup](https://github.com/Nu1LCTF/n1ctf-2020/blob/main/N1CTF2020%20Writeup%20By%20Nu1L.pdf) Seccon Online 2020 (Kstack): [source, exploit and writeup](https://github.com/BrieflyX/ctf-pwns/tree/master/kernel/kstack) -- cgit v1.3
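Review bot: the Brandon Falk entry in the `### LPE` hunk (`@@ -164,6 +170,16 @@`) is broken markdown: `[2020: "Finding and exploiting a bug (LPE) in an old Android phone" by Brandon Falk]` has no `(url)` after the closing bracket, so the title renders as literal bracketed text instead of a link, and the trailing `[part 2](...)` and `[summary](...)` are bare links rather than the `[[video](...)]` nested style every other entry in this hunk uses. Either the part 1 URL was dropped or the title was meant to point at part 2; either way the line should become `[2020: "..." by Brandon Falk](<part 1 url>) [stream] [[part 2](https://www.youtube.com/watch?v=qnyFk-f3Koo)] [[summary](https://www.youtube.com/watch?v=t-t7D0vQNmo)]`, with the missing URL supplied by the author.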
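Review bot: the new `### Other` entry (`@@ -390,6 +406,8 @@`) uses the bare identifier as its title, `[2020: "CVE-2020-16119"](...) [article, CVE-2020-16119]`, which repeats the CVE in the tag and tells a reader nothing about what the bug is or who wrote it up, unlike the neighbouring Zabrocki entries that carry a descriptive title plus `by <author>`. Suggest a short descriptive title and an author credit (the link is under the `HadarManor` GitHub account).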
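Review bot: the two fuzzer URLs added in `@@ -690,6 +714,10 @@` (`SunHao-0/healer`, `atrosinenko/kbdysch`) are bare links with no descriptor, while the preceding `shankarapailoor/moonshine` line carries a `[corpus-generation]` tag; a one- or two-word tag on each new line would let a reader tell the two tools apart without opening the repositories.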
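Review bot: `https://haxx.in/blasty-vs-ebpf.c` in the `## Exploits` hunk (`@@ -769,6 +797,8 @@`) is a direct link to a single C file, and unlike the neighbouring entries (`s8_2019_2215_poc`, `CVE-2017-5123`) neither the host nor the filename says which bug it targets, so the entry is not searchable by CVE. Add the CVE or a short description beside the link; a raw file on a personal domain is also more likely to go stale than a repository, so an archived copy or mirror is worth noting if one exists.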