September/October updates

And a few November ones as well.
VPaulV · Nov 18, 2022 · 69dc662 · 69dc662
1 parent 5d5936f
commit 69dc662
Showing 1 changed file with 47 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -52,6 +52,10 @@ December 5–6th, Online: [Attacking the Linux Kernel](https://www.blackhat.com/
 
 ### Exploitation
 
+[2022: "pipe_buffer arbitrary read write" by Jayden R](https://interruptlabs.co.uk/labs/pipe_buffer/) [article]
+
+[2022: "Joy of exploiting the Kernel"](https://docs.google.com/presentation/d/e/2PACX-1vR4mpH3aARLMOhJemVGEw1cduXPEo_PvrbZMum8QwOJ6rhZvvezsif4qtgSydVVt8jPT1fztgD5Mj7q/pub?slide=id.p) [slides]
+
 [2022: "An exploit primitive in the Linux kernel inspired by DirtyPipe"](https://github.com/veritas501/pipe-primitive) [article]
 
 [2022: "Pawnyable: Linux Kernel Exploitation" by ptr-yudai](https://pawnyable.cafe/linux-kernel/index.html) [articles]
@@ -106,6 +110,8 @@ December 5–6th, Online: [Attacking the Linux Kernel](https://www.blackhat.com/
 
 [2019: "Leak kernel pointer by exploiting uninitialized uses in Linux kernel" by Jinbum Park](https://jinb-park.github.io/leak-kptr.html) [slides]
 
+[2019: "Kernel IDT priviledge escalation"](https://github.com/rdomanski/kernel/tree/master/writeups/Kernel-IDT-priviledge-escalation) [article]
+
 [2018: "FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities"](http://personal.psu.edu/yxc431/publications/FUZE_Slides.pdf) [slides] [[paper](http://personal.psu.edu/yxc431/publications/FUZE.pdf)]
 
 [2018: "Linux Kernel universal heap spray" by Vitaly Nikolenko](https://cyseclabs.com/blog/linux-kernel-heap-spray) [article]
@@ -306,7 +312,13 @@ December 5–6th, Online: [Attacking the Linux Kernel](https://www.blackhat.com/
 
 ### LPE
 
-[2022: "SETTLERS OF NETLINK: Exploiting a limited UAF in nf_tables (CVE-2022-32250)"](https://research.nccgroup.com/2022/09/01/settlers-of-netlink-exploiting-a-limited-uaf-in-nf_tables-cve-2022-32250/) [article] [[slides](https://conference.hitb.org/hitbsecconf2022sin/materials/D1T1%20-%20Settlers%20of%20Netlink%20-%20Exploiting%20a%20Limited%20UAF%20on%20Ubuntu%2022.04%20to%20Achieve%20LPE%20-%20Aaron%20Adams.pdf)] [CVE-2022-32250]
+[2022: "[CVE-2022-1786] A Journey To The Dawn"](https://blog.kylebot.net/2022/10/16/CVE-2022-1786/) [article] [CVE-2022-1786]
+
+[2022: "A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain" by Maddie Stone](https://googleprojectzero.blogspot.com/2022/11/a-very-powerful-clipboard-samsung-in-the-wild-exploit-chain.html) [article] [CVE-2021-25369] [CVE-2021-25370]
+
+[2022: "Attacking the Android kernel using the Qualcomm TrustZone" by Tamir Zahavi-Brunner](https://tamirzb.com/attacking-android-kernel-using-qualcomm-trustzone) [article] [[video](https://www.youtube.com/watch?v=WXqff23dT5I)] [CVE-2021-1961]
+
+[2022: "SETTLERS OF NETLINK: Exploiting a limited UAF in nf_tables (CVE-2022-32250)"](https://research.nccgroup.com/2022/09/01/settlers-of-netlink-exploiting-a-limited-uaf-in-nf_tables-cve-2022-32250/) [article] [[slides](https://conference.hitb.org/hitbsecconf2022sin/materials/D1T1%20-%20Settlers%20of%20Netlink%20-%20Exploiting%20a%20Limited%20UAF%20on%20Ubuntu%2022.04%20to%20Achieve%20LPE%20-%20Aaron%20Adams.pdf)] [[video](https://www.youtube.com/watch?v=7T_ajYpRWJw)] [CVE-2022-32250]
 
 [2022: "Linux Kernel Exploit (CVE-2022-32250) with mqueue"](https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/) [article] [CVE-2022-32250]
 
@@ -522,6 +534,8 @@ December 5–6th, Online: [Attacking the Linux Kernel](https://www.blackhat.com/
 
 [2018: "eBPF and Analysis of the get-rekt-linux-hardened.c Exploit for CVE-2017-16995"](https://ricklarabee.blogspot.com/2018/07/ebpf-and-analysis-of-get-rekt-linux.html) [article] [CVE-2017-16695]
 
+[2017: "Challenge Impossible -- Multiple Exploit On Android" by Hanxiang Wen and Xiaodong Wang](https://hitcon.org/2017/CMT/slide-files/d1_s4_r2.pdf) [slides] [CVE-2017-0437]
+
 [2017: "CVE-2017-1000112: Exploiting an out-of-bounds bug in the Linux kernel UFO packets" by Andrey Konovalov](https://xairy.io/articles/cve-2017-1000112) [article] [CVE-2017-1000112]
 
 [2017: "Linux Kernel Vulnerability Can Lead to Privilege Escalation: Analyzing CVE-2017-1000112" by Krishs Patil](https://securingtomorrow.mcafee.com/mcafee-labs/linux-kernel-vulnerability-can-lead-to-privilege-escalation-analyzing-cve-2017-1000112/) [article] [CVE-2017-1000112]
@@ -682,6 +696,8 @@ December 5–6th, Online: [Attacking the Linux Kernel](https://www.blackhat.com/
 
 ### Other
 
+[2022: "Vulnerability Details for CVE-2022-41218"](https://github.com/V4bel/CVE-2022-41218) [article] [CVE-2022-41218]
+
 [2022: "Racing Cats to the Exit: A Boring Linux Kernel Use-After-Free"](https://accessvector.net/2022/linux-itimers-uaf) [article]
 
 [2022: "Android Universal Root: Exploiting xPU Drivers"](https://i.blackhat.com/USA-22/Wednesday/US-22-Jin-Android-Universal-Root.pdf) [slides] [CVE-2022-20122] [CVE-2021-39815]
@@ -737,6 +753,12 @@ December 5–6th, Online: [Attacking the Linux Kernel](https://www.blackhat.com/
 
 ## Finding Bugs
 
+[2022: "Sanitizing the Linux kernel: On KASAN and other Dynamic Bug-finding Tools" by Andrey Konovalov](https://docs.google.com/presentation/d/1qA8fqRDHKX_WM_ZdDN37EQQZwSTNJ4FFws82tbUSKxY/edit?usp=sharing) [slides] [[video](https://www.youtube.com/watch?v=KmFVPyHyfqQ)] [[article](https://lwn.net/Articles/909245/)]
+
+[2022: "DangZero: Efficient Use-After-Free Detection via Direct Page Table Access"](https://download.vusec.net/papers/dangzero_ccs22.pdf) [paper]
+
+[2022: "How I started chasing speculative type confusion bugs in the kernel and ended up with 'real' ones" by Jakob Koschel](https://lpc.events/event/16/contributions/1211/attachments/979/1981/LPC2022_slides_Jakob_Koschel.pdf) [slides] [[video](https://www.youtube.com/watch?v=LigVc74INaA)]
+
 [2022: "Technical analysis of syzkaller based fuzzers: It's not about VaultFuzzer!"](https://hardenedvault.net/blog/2022-08-07-state-based-fuzzer-update/) [article]
 
 [2022: "GREBE: Unveiling Exploitation Potential for Linux Kernel Bugs"](https://zplin.me/papers/GREBE.pdf) [paper]
@@ -803,6 +825,8 @@ December 5–6th, Online: [Attacking the Linux Kernel](https://www.blackhat.com/
 
 [2021: "Dynamic program analysis for fun and profit" by Dmitry Vyukov](https://linuxfoundation.org/wp-content/uploads/Dynamic-program-analysis_-LF-Mentorship.pdf) [slides] [[video](https://www.youtube.com/watch?v=ufcyOkgFZ2Q)]
 
+[2020: "RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization"](https://nebelwelt.net/files/20Oakland.pdf) [paper] [[tool](https://github.com/HexHive/RetroWrite)]
+
 [2020: "Fuzzing a Pixel 3a Kernel with Syzkaller" by senyuuri](https://blog.senyuuri.info/2020/04/16/fuzzing-a-pixel-3a-kernel-with-syzkaller/) [article]
 
 [2020: "Fuzzing the Berkeley Packet Filter" by Benjamin Curt Nilsen](https://search.proquest.com/openview/feeeac2f4c7f767740986bdbf9d51785/1?pq-origsite=gscholar&cbl=44156) [thesis]
@@ -944,6 +968,20 @@ December 5–6th, Online: [Attacking the Linux Kernel](https://www.blackhat.com/
 
 ["Linux Kernel Defence Map" by Alexander Popov](https://github.com/a13xp0p0v/linux-kernel-defence-map)
 
+[2022: "Canary in the Kernel Mine: Exploiting and Defending Against Same-Type Object Reuse" by Mathias Krause](https://grsecurity.net/exploiting_and_defending_against_same_type_object_reuse) [article] [[reference exploits](https://github.com/opensrcsec/same_type_object_reuse_exploits)]
+
+[2022: "Making Linux Kernel Exploit Cooking Harder"](https://security.googleblog.com/2022/08/making-linux-kernel-exploit-cooking.html) [article] [[reference exploits](https://docs.google.com/document/d/1a9uUAISBzw3ur1aLQqKc5JOQLaJYiOP5pe_B4xCT1KA/edit?usp=sharing)] [[proposed mitigations](https://github.com/thejh/linux/blob/slub-virtual/MITIGATION_README)]
+
+[2022: "Where are we on security features?"](https://lpc.events/event/16/contributions/1173/attachments/1099/2108/LPC22%20-%20Where%20are%20we%20on%20security%20features%3F.pdf) [slides] [[video](https://www.youtube.com/watch?v=tQwv79i02ks)]
+
+[2022: "Control-Flow Integrity Kernel Support"](https://lpc.events/event/16/contributions/1315/attachments/1067/2169/cfi.pdf) [slides] [[video](https://www.youtube.com/watch?v=bmv6blX_F_g)]
+
+[2022: "HotBPF - An On-demand and On-the-fly Memory Protection for the Linux Kernel"](https://www.youtube.com/watch?v=1KSLTsgxaSU) [video]
+
+[2022: "Mind The Gap - The Linux Ecosystem Kernel Patch Gap" by Jakob Lell & Regina Biro](https://www.youtube.com/watch?v=WkJQImkOkNk) [video]
+
+[2022: "The exploit recon 'msg_msg' and its mitigation in VED"](https://hardenedvault.net/blog/2022-11-13-msg_msg-recon-mitigation-ved/) [article]
+
 [2022: "Return to sender: Detecting kernel exploits with eBPF" by Guillaume Fournier at Black Hat USA](https://i.blackhat.com/USA-22/Wednesday/US-22-Fournier-Return-To-Sender.pdf) [slides] [[code](https://github.com/Gui774ume/krie)]
 
 [2022: "Meaningful Bounds Checking in the Linux Kernel" by Kees Cook](https://outflux.net/slides/2022/lss-na/) [slides]
@@ -1291,6 +1329,8 @@ https://github.com/martinradev/gdb-pt-dump
 
 [github.com/AravGarg/kernel-hacking/ctf-challs](https://github.com/AravGarg/kernel-hacking/tree/master/ctf-challs)
 
+D^3CTF 2022 (d3bpf): [writeup](https://stdnoerr.github.io/writeup/2022/08/21/eBPF-exploitation-(ft.-D-3CTF-d3bpf).html), [writeup 2](https://github.com/chujDK/d3ctf2022-pwn-d3bpf-and-v2)
+
 zer0pts CTF 2022 (kRCE): [writeup](https://www.willsroot.io/2022/03/zer0pts-ctf-2022-krce-writeup.html)
 
 VULNCON CTF 2021 (IPS): [writeup](https://kileak.github.io/ctf/2021/vulncon-ips/), [writeup 2](https://blog.kylebot.net/2022/01/10/VULNCON-2021-IPS/)
@@ -1435,6 +1475,12 @@ https://github.com/crowell/old_blog/blob/source/source/_posts/2014-11-24-hosting
 
 ## Misc
 
+[2022: "Designing subsystems for FUZZ-ability" by Dmitry Vyukov](https://lpc.events/event/16/contributions/1309/attachments/988/1979/Designing%20subsystems%20for%20testability_fuzzing%20%28PDF%20version%29.pdf) [slides] [[video](https://www.youtube.com/watch?v=zmF_AswbVbQ)]
+
+[2022: "Making syzbot reports more developer-friendly" by Aleksandr Nogikh](https://lpc.events/event/16/contributions/1311/attachments/1013/1951/Making%20syzbot%20reports%20more%20developer-friendly.pdf) [slides] [[video](https://www.youtube.com/watch?v=ePldLzdAArg)]
+
+[2022: "Peeking into the BPF verifier" by Shung-Hsi Yu](https://docs.google.com/presentation/d/1abYBW7L8kAupgG9YkFPRGayZSXm9hGv_Dvp7ADBkfyg/edit?usp=sharing) [slides]
+
 [2022: "So You Wanna Pwn The Kernel?" by Samuel Page](https://sam4k.com/so-you-wanna-pwn-the-kernel/) [article]
 
 [2022: "Automated RE of Kernel Configurations" by zznop](https://zznop.com/2022/01/02/automated-re-of-kernel-build-configs/) [article]