Anything about kernel security. CTF kernel pwn & kernel exploit, kernel fuzz and kernel defense paper & kernel debugging technique & kernel CVE debug.
Continuously updated.
- A First Look at Linux Kernel Exploitation (1): environment setup
- A First Look at Linux Kernel Exploitation (2): demo-null_dereference
- A First Look at Linux Kernel Exploitation (3): demo-stack_overflow
- [Linux Kernel Exploitation] QWB CTF 2018 core: stack overflow
- [Linux Kernel Exploitation] CISCN 2017 babydriver: UAF vulnerability
- [Linux Kernel Exploitation] 0CTF 2018 baby: double fetch
- [Linux Kernel Exploitation] QWB CTF 2018 solid_core: arbitrary read/write
- [Linux Kernel Exploitation] StringIPC: three ways from arbitrary read/write to privilege escalation
- [Linux Kernel Exploitation] STARCTF 2019 hackme: summary of call_usermodehelper privilege-escalation path variables
- [Linux Kernel Exploitation] WCTF 2018 klist: race-condition UAF with pipe heap spray
- [Linux Kernel Exploitation] TokyoWesterns CTF 2019 gnote: double fetch
- [Linux Kernel userfaultfd Usage] Balsn CTF 2019 - KrazyNote
- Linux Kernel Privilege Escalation Tutorial Series (1): heap spraying with sendmsg and msgsend
- Linux Kernel Privilege Escalation Tutorial Series (2): four ways from arbitrary address read/write to privilege escalation
- Linux Kernel Privilege Escalation Tutorial Series (3): uninitialized stack variable vulnerabilities
- [Linux Kernel Exploitation] the ret2dir exploitation technique
- 2014-USENIX:ret2dir: Rethinking Kernel Isolation
- 2015-CCS:From Collision to Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel
- 2016-CCS:Prefetch Side-Channel Attacks - Bypassing SMAP and Kernel ASLR
- 2016-CCS:Breaking Kernel Address Space Layout Randomization with Intel TSX
- 2017-CCS:SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits
- 2017-NDSS:Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying — [note]
- 2018-USENIX:FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities — [note] [tool-FUZE]
- 2019-USENIX:KEPLER: Facilitating Control-flow Hijacking Primitive Evaluation for Linux Kernel Vulnerabilities — [note] [tool-KEPLER]
- 2019-CCS:SLAKE: Facilitating Slab Manipulation for Exploiting Vulnerabilities in the Linux Kernel — [note] [tool-SLAKE]
- 2020-USENIX:KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities — [note] [note2] [tool-KOOBE]
- 2012-OSDI:Improving integer security for systems with KINT
- 2014-Black Hat:QSEE TrustZone Kernel Integer Overflow
- 2014-USENIX:Static Analysis of Variability in System Software - The 90,000 #ifdefs Issue
- 2014-OSDI:SKI:Exposing Kernel Concurrency Bugs through Systematic Schedule Exploration
- 2015-SOSP:Cross-checking semantic correctness: The case of finding file system bugs — [tool-JUXTA]
- 2016-USENIX:UniSan: Proactive Kernel Memory Initialization to Eliminate Data Leakages — [note] [tool-unisan]
- 2016-USENIX:APISan: Sanitizing API Usages through Semantic Cross-Checking — [tool-apisan]
- 2017-EUROSYS:DangSan: Scalable Use-after-free Detection — [tool-dangsan]
- 2017-USENIX-ATC:CAB-Fuzz: Practical Concolic Testing Techniques for COTS Operating Systems
- 2017-CCS:DIFUZE: Interface Aware Fuzzing for Kernel Drivers — [note] [tool-difuze]
- 2017-USENIX:Digtool: A Virtualization-Based Framework for Detecting Kernel Vulnerabilities — [note] [note2] [note3] [note4]
- 2017-USENIX:How Double-Fetch Situations turn into Double-Fetch Vulnerabilities — [note] [tool]
- 2017-USENIX:DR. CHECKER: A Soundy Analysis for Linux Kernel Drivers — [tool-dr_checker]
- 2017-USENIX:kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels — [note] [tool-kAFL]
- 2018-S&P:DEADLINE: Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels — [note] [note2] [note3] [tool-DEADLINE]
- 2018-CCS:Check It Again: Detecting Lacking-Recheck Bugs in OS Kernels — [note] [note2] [tool-LRSan]
- 2018-USENIX:MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation — [note] [note2] [tool-moonshine]
- 2018-NDSS:K-Miner: Uncovering Memory Corruption in Linux — [note] [note2] [tool-K-Miner]
- 2019-S&P:Razzer: Finding Kernel Race Bugs through Fuzzing — [note] [note2] [note3] [tool-razzer]
- 2019-WOOT-Workshop:Unicorefuzz: On the Viability of Emulation for Kernelspace Fuzzing — [tool-unicorefuzz]
- 2019-FSE:Detecting Concurrency Memory Corruption Vulnerabilities — [tool-CONVUL]
- 2019-S&P:Fuzzing File Systems via Two-Dimensional Input Space Exploration — [note] [note2] [tool-JANUS]
- 2019-USENIX:Detecting Missing-Check Bugs via Semantic- and Context-Aware Criticalness and Constraints Inferences — [tool-CRIX]
- 2019-USENIX-ATC:Effective Static Analysis of Concurrency Use-After-Free Bugs in Linux Device Drivers — [note]
- 2019-NDSS:PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary — [note] [tool-periscope]
- 2018-USENIX-ATC:DSAC: Effective Static Analysis of Sleep-in-Atomic-Context Bugs in Kernel Modules
- 2020-TOCS:Effective Detection of Sleep-in-atomic-context Bugs in the Linux Kernel
- 2020-NDSS:HFL: Hybrid Fuzzing on the Linux Kernel — [note] [note2]
- 2020-S&P:Krace: Data Race Fuzzing for Kernel File Systems
- 2011-NDSS:Practical Protection of Kernel Integrity for Commodity OS from Untrusted Extensions
- 2011-NDSS:SigGraph - Brute Force Scanning of Kernel Data Structure Instances Using Graph-based Signatures
- 2011-NDSS:Efficient Monitoring of Untrusted Kernel-Mode Execution
- 2012-NDSS:Kruiser - Semi-synchronized Non-blocking Concurrent Kernel Heap Buffer Overflow Monitoring
- 2012-OSDI:Improving Integer Security for Systems with KINT
- 2012-S&P:Smashing the Gadgets - Hindering Return-Oriented Programming Using In-place Code Randomization
- 2012-USS:Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization
- 2013-EUROSYS:Process firewalls - protecting processes during resource access
- 2013-NDSS:Attack Surface Metrics and Automated Compile-Time OS Kernel Tailoring
- 2013-S&P:Just-In-Time Code Reuse - On the Effectiveness of Fine-Grained Address Space Layout Randomization
- 2014-CCS:A Tale of Two Kernels - Towards Ending Kernel Hardening Wars with Split Kernel
- 2014-NDSS:ROPecker - A Generic and Practical Approach For Defending Against ROP Attacks
- 2014-OSDI:Jitk - A Trustworthy In-Kernel Interpreter Infrastructure
- 2014-S&P:KCoFI - Complete Control-Flow Integrity for Commodity Operating System Kernels
- 2014-S&P:Dancing with Giants - Wimpy Kernels for On-Demand Isolated I/O
- 2015-NDSS:Preventing Use-after-free with Dangling Pointers Nullification
- 2016-NDSS:Enforcing Kernel Security Invariants with Data Flow Integrity
- 2016-OSDI:Light-Weight Contexts - An OS Abstraction for Safety and Performance
- 2016-OSDI:EbbRT - A Framework for Building Per-Application Library Operating Systems
- 2017-EUROSYS:A Characterization of State Spill in Modern Operating Systems
- 2017-EUROSYS:kR^X: Comprehensive Kernel Protection Against Just-In-Time Code Reuse — [slides]
- 2017-NDSS:PT-Rand - Practical Mitigation of Data-only Attacks against Page Tables
- 2017-S&P:NORAX - Enabling Execute-Only Memory for COTS Binaries on AArch64
- 2017-CCS:FreeGuard - A Faster Secure Heap Allocator
- 2017-USENIX:Lock-in-Pop - Securing Privileged Operating System Kernels by Keeping on the Beaten Path
- 2017-USENIX:Can’t Touch This: Software-only Mitigation against Rowhammer Attacks targeting Kernel Memory
- 2017-USENIX:Oscar: A Practical Page-Permissions-Based Scheme for Thwarting Dangling Pointers
- 2019-S&P:LBM - A Security Framework for Peripherals within the Linux Kernel
- 2019-S&P:SoK - Shining Light on Shadow Stacks
- 2019-S&P:SoK - Sanitizing for Security
- 2019-USENIX:PeX: A Permission Check Analysis Framework for Linux Kernel
- 2019-USENIX:ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK)
- 2019-USENIX:LXDs - Towards Isolation of Kernel Subsystems
- 2019-USENIX:SafeHidden: An Efficient and Secure Information Hiding Technique Using Re-randomization
- 2020-S&P:xMP: Selective Memory Protection for Kernel and User Space
- 2020-S&P:SEIMI: Efficient and Secure SMAP-Enabled Intra-process Memory Isolation
- security things in every version of Linux mainline
- PaX code analysis
- A Decade of Linux Kernel Vulnerabilities, their Mitigation and Open Problems-2017
- linux-kernel-defence-map
- The State of Kernel Self Protection-2018
- 2020-USENIX:Automatic Hot Patch Generation for Android Kernels (automatically patching Android kernels) — [note]
- Analysis of the Linux kernel 4.20 BPF integer overflow vulnerability
- [CVE-2017-16995] Analysis of the privilege-escalation vulnerability caused by an integer extension issue in the Linux eBPF module
- [CVE-2017-7184] Analysis of the out-of-bounds read/write privilege-escalation vulnerability in the Linux xfrm module
- Linux two-machine (host/target) kernel debugging
- A First Look at Linux Kernel Exploitation (1): environment setup
- [Linux Kernel Debugging] SystemTap usage tips
- [Linux Kernel Debugging] Hooking Linux kernel functions with Ftrace
- [Linux Kernel Debugging] Comparison of ftrace, kprobes and SystemTap kernel debugging methods
- [KVM] Learning KVM: implementing your own kernel