René's URL Explorer Experiment


Title: GitHub - facebook-cloud/kernel-security-learning: Anything about kernel security. CTF kernel pwn, kernel exploit, kernel fuzz and kernel defense paper, kernel debugging technique, kernel CVE debug. · GitHub

Open Graph Title: GitHub - facebook-cloud/kernel-security-learning: Anything about kernel security. CTF kernel pwn, kernel exploit, kernel fuzz and kernel defense paper, kernel debugging technique, kernel CVE debug.

X Title: GitHub - facebook-cloud/kernel-security-learning: Anything about kernel security. CTF kernel pwn, kernel exploit, kernel fuzz and kernel defense paper, kernel debugging technique, kernel CVE debug.

Description: Anything about kernel security. CTF kernel pwn, kernel exploit, kernel fuzz and kernel defense paper, kernel debugging technique, kernel CVE debug. - facebook-cloud/kernel-security-learning

Open Graph Description: Anything about kernel security. CTF kernel pwn, kernel exploit, kernel fuzz and kernel defense paper, kernel debugging technique, kernel CVE debug. - facebook-cloud/kernel-security-learning

X Description: Anything about kernel security. CTF kernel pwn, kernel exploit, kernel fuzz and kernel defense paper, kernel debugging technique, kernel CVE debug. - facebook-cloud/kernel-security-learning

Opengraph URL: https://github.com/facebook-cloud/kernel-security-learning

X: @github

direct link

Domain: github.com

route-pattern/:user_id/:repository
route-controllerfiles
route-actiondisambiguate
fetch-noncev2:e61e5323-22de-7748-69b8-e4ff989ce4b3
current-catalog-service-hashf3abb0cc802f3d7b95fc8762b94bdcb13bf39634c40c357301c4aa1d67a256fb
request-idC59E:28F36F:26AF58:27943B:6A558BBD
html-safe-noncef62c996e6c27859e79b28de2c70a2836d71f7a3080e4887c6910775ee9cbb077
visitor-payloadeyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJDNTlFOjI4RjM2RjoyNkFGNTg6Mjc5NDNCOjZBNTU4QkJEIiwidmlzaXRvcl9pZCI6IjYwMjI1NjUwMzQ0Mzc0NzkzNTciLCJyZWdpb25fZWRnZSI6InNlYSIsInJlZ2lvbl9yZW5kZXIiOiJzZWEifQ==
visitor-hmac098378ae1208c352a0067e8f23f1090b6de83a9db93a71d9e9c54a4ef8cb9846
hovercard-subject-tagrepository:400411259
github-keyboard-shortcutsrepository,copilot
google-site-verificationApib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-urlhttps://collector.github.com/github/collect
analytics-location//
fb:app_id1401488693436528
apple-itunes-appapp-id=1477376905, app-argument=https://github.com/facebook-cloud/kernel-security-learning
twitter:imagehttps://opengraph.githubassets.com/0f95364a52eaab3aa2995dcfadc4a43e3150324f6c693dd5f639e035472798bf/facebook-cloud/kernel-security-learning
twitter:cardsummary_large_image
og:imagehttps://opengraph.githubassets.com/0f95364a52eaab3aa2995dcfadc4a43e3150324f6c693dd5f639e035472798bf/facebook-cloud/kernel-security-learning
og:image:altAnything about kernel security. CTF kernel pwn, kernel exploit, kernel fuzz and kernel defense paper, kernel debugging technique, kernel CVE debug. - facebook-cloud/kernel-security-learning
og:image:width1200
og:image:height600
og:site_nameGitHub
og:typeobject
hostnamegithub.com
expected-hostnamegithub.com
Noneb5665c84831ed9ac4fb79519c16c9c5580ba8092fb8bb6e3e72972ec7197348e
turbo-cache-controlno-cache
go-importgithub.com/facebook-cloud/kernel-security-learning git https://github.com/facebook-cloud/kernel-security-learning.git
octolytics-dimension-user_id26565959
octolytics-dimension-user_loginfacebook-cloud
octolytics-dimension-repository_id400411259
octolytics-dimension-repository_nwofacebook-cloud/kernel-security-learning
octolytics-dimension-repository_publictrue
octolytics-dimension-repository_is_forktrue
octolytics-dimension-repository_parent_id224374363
octolytics-dimension-repository_parent_nwobsauce/kernel-security-learning
octolytics-dimension-repository_network_root_id224374363
octolytics-dimension-repository_network_root_nwobsauce/kernel-security-learning
turbo-body-classeslogged-out env-production page-responsive
disable-turbofalse
browser-stats-urlhttps://api.github.com/_private/browser/stats
browser-errors-urlhttps://api.github.com/_private/browser/errors
releaseaa21baa44893467b0b640d0300538f84ca8c475b
ui-targetfull
theme-color#1e2327
color-schemelight dark

Links:

Skip to contenthttps://github.com/facebook-cloud/kernel-security-learning#start-of-content
https://github.com/
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Ffacebook-cloud%2Fkernel-security-learning
GitHub CopilotWrite better code with AIhttps://github.com/features/copilot
GitHub Copilot appDirect agents from issue to mergehttps://github.com/features/ai/github-app
MCP RegistryNewIntegrate external toolshttps://github.com/mcp
ActionsAutomate any workflowhttps://github.com/features/actions
CodespacesInstant dev environmentshttps://github.com/features/codespaces
IssuesPlan and track workhttps://github.com/features/issues
Code ReviewManage code changeshttps://github.com/features/code-review
GitHub Advanced SecurityFind and fix vulnerabilitieshttps://github.com/security/advanced-security
Code securitySecure your code as you buildhttps://github.com/security/advanced-security/code-security
Secret protectionStop leaks before they starthttps://github.com/security/advanced-security/secret-protection
Why GitHubhttps://github.com/why-github
Documentationhttps://docs.github.com
Bloghttps://github.blog
Changeloghttps://github.blog/changelog
Marketplacehttps://github.com/marketplace
View all featureshttps://github.com/features
Enterpriseshttps://github.com/enterprise
Small and medium teamshttps://github.com/team
Startupshttps://github.com/enterprise/startups
Nonprofitshttps://github.com/solutions/industry/nonprofits
App Modernizationhttps://github.com/solutions/use-case/app-modernization
DevSecOpshttps://github.com/solutions/use-case/devsecops
DevOpshttps://github.com/solutions/use-case/devops
CI/CDhttps://github.com/solutions/use-case/ci-cd
View all use caseshttps://github.com/solutions/use-case
Healthcarehttps://github.com/solutions/industry/healthcare
Financial serviceshttps://github.com/solutions/industry/financial-services
Manufacturinghttps://github.com/solutions/industry/manufacturing
Governmenthttps://github.com/solutions/industry/government
View all industrieshttps://github.com/solutions/industry
View all solutionshttps://github.com/solutions
AIhttps://github.com/resources/articles?topic=ai
Software Developmenthttps://github.com/resources/articles?topic=software-development
DevOpshttps://github.com/resources/articles?topic=devops
Securityhttps://github.com/resources/articles?topic=security
View all topicshttps://github.com/resources/articles
Customer storieshttps://github.com/customer-stories
Events & webinarshttps://github.com/resources/events
Ebooks & reportshttps://github.com/resources/whitepapers
Business insightshttps://github.com/solutions/executive-insights
GitHub Skillshttps://skills.github.com
Documentationhttps://docs.github.com
Customer supporthttps://support.github.com
Community forumhttps://github.com/orgs/community/discussions
Trust centerhttps://github.com/trust-center
Partnershttps://github.com/partners
View all resourceshttps://github.com/resources
GitHub SponsorsFund open source developershttps://github.com/open-source/sponsors
Security Labhttps://securitylab.github.com
Maintainer Communityhttps://maintainers.github.com
Acceleratorhttps://github.com/open-source/accelerator
GitHub Starshttps://stars.github.com
Archive Programhttps://archiveprogram.github.com
Topicshttps://github.com/topics
Trendinghttps://github.com/trending
Collectionshttps://github.com/collections
Enterprise platformAI-powered developer platformhttps://github.com/enterprise
GitHub Advanced SecurityEnterprise-grade security featureshttps://github.com/security/advanced-security
Copilot for BusinessEnterprise-grade AI featureshttps://github.com/features/copilot/copilot-business
Premium SupportEnterprise-grade 24/7 supporthttps://github.com/enterprise/premium-support
Pricinghttps://github.com/pricing
Search syntax tipshttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentationhttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Ffacebook-cloud%2Fkernel-security-learning
Sign up https://github.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E&source=header-repo&source_repo=facebook-cloud%2Fkernel-security-learning
Reloadhttps://github.com/facebook-cloud/kernel-security-learning
Reloadhttps://github.com/facebook-cloud/kernel-security-learning
Reloadhttps://github.com/facebook-cloud/kernel-security-learning
facebook-cloud https://github.com/facebook-cloud
kernel-security-learninghttps://github.com/facebook-cloud/kernel-security-learning
bsauce/kernel-security-learninghttps://github.com/bsauce/kernel-security-learning
Notifications https://github.com/login?return_to=%2Ffacebook-cloud%2Fkernel-security-learning
Fork 0 https://github.com/login?return_to=%2Ffacebook-cloud%2Fkernel-security-learning
Star 1 https://github.com/login?return_to=%2Ffacebook-cloud%2Fkernel-security-learning
Code https://github.com/facebook-cloud/kernel-security-learning
Pull requests 0 https://github.com/facebook-cloud/kernel-security-learning/pulls
Actions https://github.com/facebook-cloud/kernel-security-learning/actions
Projects https://github.com/facebook-cloud/kernel-security-learning/projects
Security and quality 0 https://github.com/facebook-cloud/kernel-security-learning/security
Insights https://github.com/facebook-cloud/kernel-security-learning/pulse
Code https://github.com/facebook-cloud/kernel-security-learning
Pull requests https://github.com/facebook-cloud/kernel-security-learning/pulls
Actions https://github.com/facebook-cloud/kernel-security-learning/actions
Projects https://github.com/facebook-cloud/kernel-security-learning/projects
Security and quality https://github.com/facebook-cloud/kernel-security-learning/security
Insights https://github.com/facebook-cloud/kernel-security-learning/pulse
https://github.com/facebook-cloud/kernel-security-learning
Brancheshttps://github.com/facebook-cloud/kernel-security-learning/branches
Tagshttps://github.com/facebook-cloud/kernel-security-learning/tags
https://github.com/facebook-cloud/kernel-security-learning/branches
https://github.com/facebook-cloud/kernel-security-learning/tags
30 Commitshttps://github.com/facebook-cloud/kernel-security-learning/commits/master/
https://github.com/facebook-cloud/kernel-security-learning/commits/master/
CVEhttps://github.com/facebook-cloud/kernel-security-learning/tree/master/CVE
CVEhttps://github.com/facebook-cloud/kernel-security-learning/tree/master/CVE
debug_techniquehttps://github.com/facebook-cloud/kernel-security-learning/tree/master/debug_technique
debug_techniquehttps://github.com/facebook-cloud/kernel-security-learning/tree/master/debug_technique
paperhttps://github.com/facebook-cloud/kernel-security-learning/tree/master/paper
paperhttps://github.com/facebook-cloud/kernel-security-learning/tree/master/paper
README.mdhttps://github.com/facebook-cloud/kernel-security-learning/blob/master/README.md
README.mdhttps://github.com/facebook-cloud/kernel-security-learning/blob/master/README.md
READMEhttps://github.com/facebook-cloud/kernel-security-learning
https://github.com/facebook-cloud/kernel-security-learning#kernel-security-learning
https://github.com/facebook-cloud/kernel-security-learning#1-ctf
linux内核漏洞利用初探(1):环境配置https://blog.csdn.net/panhewu9919/article/details/99438304
linux内核漏洞利用初探(2):demo-null_dereferencehttps://blog.csdn.net/panhewu9919/article/details/99441712
linux内核漏洞利用初探(3):demo-stack_overflowhttps://blog.csdn.net/panhewu9919/article/details/99485487
【Linux内核漏洞利用】2018强网杯core_栈溢出https://www.jianshu.com/p/8d950a9d8974
【Linux内核漏洞利用】CISCN2017-babydriver_UAF漏洞https://www.jianshu.com/p/5dbdabba7e75
【Linux内核漏洞利用】0CTF2018-baby-double-fetchhttps://ctf-wiki.github.io/ctf-wiki/pwn/linux/kernel/double-fetch/
【Linux内核漏洞利用】强网杯2018-solid_core-任意读写https://www.jianshu.com/p/3d707fac499a
【linux内核漏洞利用】StringIPC—从任意读写到权限提升三种方法https://www.jianshu.com/p/07994f8b2bb0
【linux内核漏洞利用】STARCTF 2019 hackme—call_usermodehelper提权路径变量总结https://www.jianshu.com/p/a2259cd3e79e
【linux内核漏洞利用】WCTF 2018 klist—竞争UAF-pipe堆喷https://blog.csdn.net/panhewu9919/article/details/100728934
【linux内核漏洞利用】TokyoWesternsCTF-2019-gnote Double-Fetchhttps://blog.csdn.net/panhewu9919/article/details/100891770
【linux内核userfaultfd使用】Balsn CTF 2019 - KrazyNotehttps://www.jianshu.com/p/a70a358ec02c
linux内核提权系列教程(1):堆喷射函数sendmsg与msgsend利用https://www.jianshu.com/p/5583657cfd25
linux内核提权系列教程(2):任意地址读写到提权的4种方法https://www.jianshu.com/p/fef2377f6a31
linux内核提权系列教程(3):栈变量未初始化漏洞https://www.jianshu.com/p/b28b964b9243
【linux内核漏洞利用】ret2dir利用方法https://www.jianshu.com/p/3c662b6163a7
【内核漏洞利用】绕过CONFIG_SLAB_FREELIST_HARDENED防护—kernoob两种解法https://blog.csdn.net/panhewu9919/article/details/111839950
https://github.com/facebook-cloud/kernel-security-learning#2-paper
https://github.com/facebook-cloud/kernel-security-learning#1kernel-exploit
ret2dir: Rethinking Kernel Isolationhttps://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/kemerlis
From collision to exploitation_ Unleashing Use-After-Free vulnerabilities in Linux Kernelhttps://gts3.org/~wen/assets/papers/xu:collision-slides.pdf
Prefetch Side-Channel Attacks - Bypassing SMAP and Kernel ASLRhttps://doi.org/10.1145/2976749.2978356
Breaking Kernel Address Space Layout Randomization with Intel TSXhttps://doi.org/10.1145/2976749.2978321
SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploitshttps://acmccs.github.io/papers/p2139-youA.pdf
Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Sprayinghttps://www-users.cs.umn.edu/~kjlu/papers/tss.pdf
notehttps://www.jianshu.com/p/636db0e5d246
FUZE-Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilitieshttps://www.usenix.org/system/files/conference/usenixsecurity18/sec18-wu_0.pdf
notehttps://www.jianshu.com/p/cfe7c9f7e852
tool-FUZEhttps://github.com/ww9210/Linux_kernel_exploits
KEPLER-Facilitating Control-flow Hijacking Primitive Evaluation for Linux Kernel Vulnerabilitieshttps://www.usenix.org/system/files/sec19-wu-wei.pdf
notehttps://www.jianshu.com/p/53570db6fcba
tool-KEPLERhttps://github.com/ww9210/kepler-cfhp
SLAKE-Facilitating Slab Manipulation for Exploiting Vulnerabilities in the Linux Kernelhttp://www.personal.psu.edu/yxc431/publications/SLAKE.pdf
notehttps://www.jianshu.com/p/d731cd87c6f4
tool-SLAKEhttps://github.com/chenyueqi/SLAKE
KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilitieshttps://www.usenix.org/conference/usenixsecurity20/presentation/chen-weiteng
notehttps://www.jianshu.com/p/24cb664a2811
note2https://securitygossip.com/blog/2020/04/03/koobe-towards-facilitating-exploit-generation-of-kernel-out-of-bounds-write-vulnerabilities/
tool-KOOBEhttps://github.com/seclab-ucr/KOOBE
A Systematic Study of Elastic Objects in Kernel Exploitationhttp://www.personal.psu.edu/yxc431/publications/ELOISE.pdf
notehttps://www.jianshu.com/p/982b42f3671f
note2https://securitygossip.com/blog/2020/11/03/a-systematic-study-of-elastic-objects-in-kernel-exploitation/
tool-ELOISEhttps://github.com/chenyueqi/w2l
Exploiting Uses of Uninitialized Stack Variables in Linux Kernels to Leak Kernel Pointershttps://sefcom.asu.edu/publications/leak-kptr-woot20.pdf
ExpRace: Exploiting Kernel Races through Raising Interruptshttps://www.usenix.org/conference/usenixsecurity21/presentation/lee-yoochan
notehttps://bsauce.github.io/2021/05/26/USENIX-2021-EXPRACE/
https://github.com/facebook-cloud/kernel-security-learning#2kernel-vulerability-detection
Improving integer security for systems with KINThttps://www.usenix.org/conference/osdi12/technical-sessions/presentation/wang
QSEE TrustZone Kernel Integer Overflowhttps://paper.bobylive.com/Meeting_Papers/BlackHat/USA-2014/us-14-Rosenberg-Reflections-On-Trusting-TrustZone-WP.pdf
Static Analysis of Variability in System Software - The 90, 000 #ifdefs Issuehttps://www.usenix.org/conference/atc14/technical-sessions/presentation/tartler
SKI:Exposing Kernel Concurrency Bugs through Systematic Schedule Explorationhttps://www.usenix.org/system/files/conference/osdi14/osdi14-paper-fonseca.pdf
Cross-checking semantic correctness: The case of finding file system bugshttps://lifeasageek.github.io/papers/min-juxta.pdf
tool-JUXTAhttps://github.com/sslab-gatech/juxta
UniSan-Proactive Kernel Memory Initialization to Eliminate Data Leakageshttps://dl.acm.org/doi/pdf/10.1145/2976749.2978366
notehttp://www.inforsec.org/wp/?p=1416
tool-unisanhttps://github.com/sslab-gatech/unisan
APISan: Sanitizing API Usages through Semantic Cross-Checkinghttps://pdfs.semanticscholar.org/29c2/42b2b73c376a61344877d5488f33e066ecc8.pdf?_ga=2.254762891.2010008061.1593351615-150437918.1586869794
tool-apisanhttps://github.com/sslab-gatech/apisan
DangSan - Scalable Use-after-free Detectionhttps://doi.org/10.1145/3064176.3064211
tool-dangsanhttps://github.com/vusec/dangsan
CAB-Fuzz:Practical Concolic Testing Techniques for {COTS} Operating Systemshttps://www.usenix.org/system/files/conference/atc17/atc17-kim.pdf
DIFUZE-Interface Aware Fuzzing for Kernel Drivershttps://acmccs.github.io/papers/p2123-corinaA.pdf
notehttps://www.jianshu.com/p/670b141d1b8d
tool-difuzehttps://github.com/ucsb-seclab/difuze
Digtool- A Virtualization-Based Framework for Detecting Kernel Vulnerabilities-usenixhttps://www.usenix.org/system/files/conference/usenixsecurity17/sec17-pan.pdf
notehttps://www.jianshu.com/p/3cc85231657d
note2https://mp.weixin.qq.com/s/RFWqx0LXWuHcJNbb8lrjFA
note3http://yama0xff.com/2019/02/15/Digtool-A-Virtualization-Based-Framework-for-Detecting-Kernel-Vulnerabilities/
note4https://securitygossip.com/blog/2018/10/09/digtool-a-virtualization-based-framework-for-detecting-kernel-vulnerabilities/
How Double-Fetch Situations turn into DoubleFetchhttps://www.usenix.org/system/files/conference/usenixsecurity17/sec17-wang.pdf
notehttp://www.inforsec.org/wp/?p=2049
toolhttps://github.com/wpengfei/double_fetch_cocci
DR. CHECKER- A Soundy Analysis for Linux Kernel Drivershttps://www.usenix.org/system/files/conference/usenixsecurity17/sec17-machiry.pdf
tool-dr_checkerhttps://github.com/ucsb-seclab/dr_checker
kAFL- Hardware-Assisted Feedback Fuzzing for OS Kernelshttps://www.usenix.org/system/files/conference/usenixsecurity17/sec17-schumilo.pdf
notehttps://www.jianshu.com/u/cd49be7bd6b5
tool-kAFLhttps://github.com/RUB-SysSec/kAFL
DEADLINE-Precise and Scalable Detection of Double-Fetch Bugs in OS Kernelshttp://www-users.cs.umn.edu/~kjlu/papers/deadline.pdf
notehttps://www.jianshu.com/p/e4084b2c7c16
note2https://www.jianshu.com/p/7e2f15547f1e
note3https://www.inforsec.org/wp/?p=2550
tool-DEADLINEhttps://github.com/sslab-gatech/deadline
Check It Again- Detecting Lacking-Recheck Bugs in OS Kernels https://www-users.cs.umn.edu/~kjlu/papers/lrsan.pdf
notehttps://www.jianshu.com/p/2f8df6082b1d
note2https://securitygossip.com/blog/2018/11/27/check-it-again-detecting-lacking-recheck-bugs-in-os-kernels/
tool-LRSanhttps://github.com/kengiter/lrsan
MoonShine:Optimizing OS Fuzzer Seed Selection with Trace Distillationhttp://www.cs.columbia.edu/~suman/docs/moonshine.pdf
notehttps://www.jianshu.com/p/7e90ad222acf
note2https://blog.csdn.net/RainyD4y/article/details/106892658
tool-moonshinehttps://github.com/shankarapailoor/moonshine
K-Miner: Uncovering Memory Corruption in Linuxhttp://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/02/ndss2018_05A-1_Gens_paper.pdf
notehttps://mp.weixin.qq.com/s/3N3rmAyZEbZpiBvxnjWVvA
note2https://blog.csdn.net/u012332816/article/details/79795643
tool-K-Minerhttps://github.com/ssl-tud/k-miner
Razzer:Finding Kernel Race Bugs through Fuzzinghttps://lifeasageek.github.io/papers/jeong-razzer.pdf
notehttps://www.jianshu.com/p/43ced9660257
note2https://www.jianshu.com/p/e8296dbae313
note3https://securitygossip.com/blog/2019/03/06/razzer-finding-kernel-race-bugs-through-fuzzing/
tool-razzerhttps://github.com/compsec-snu/razzer
Unicorefuzz- On the Viability of Emulation for Kernelspace Fuzzinghttps://www.usenix.org/system/files/woot19-paper_maier.pdf
tool-unicorefuzzhttps://github.com/fgsect/unicorefuzz
Detecting Concurrency Memory Corruption Vulnerabilitieshttps://dl.acm.org/doi/10.1145/3338906.3338927
tool-CONVULhttps://github.com/mryancai/ConVul
Fuzzing File Systems via Two-Dimensional Input Space Explorationhttps://taesoo.kim/pubs/2019/xu:janus.pdf
notehttps://www.jianshu.com/p/23c3e41254b6
note2https://blog.csdn.net/RainyD4y/article/details/106892751
tool-JANUShttps://github.com/sslab-gatech/janus
Detecting Missing-Check Bugs via Semantic- and Context-Aware Criticalness and Constraints Inferenceshttps://www.usenix.org/conference/usenixsecurity19/presentation/lu
tool-CRIXhttps://github.com/umnsec/crix
Effective Static Analysis of Concurrency Use-After-Free Bugs in Linux Device Drivershttps://www.usenix.org/conference/atc19/presentation/bai
notehttps://securitygossip.com/blog/2019/11/22/effective-static-analysis-of-concurrency-use-after-free-bugs-in-linux-device-drivers/
PeriScope:An Effective Probing and Fuzzing Framework for the Hardware-OS Boundaryhttps://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_04A-1_Song_paper.pdf
notehttps://www.jianshu.com/p/34568906d900
tool-periscopehttps://github.com/securesystemslab/periscope
DSAC: Effective Static Analysis of Sleep-in-Atomic-Context Bugs in Kernel Moduleshttps://www.usenix.org/system/files/conference/atc18/atc18-bai.pdf
Effective Detection of Sleep-in-atomic-context Bugs in the Linux Kernelhttps://dl.acm.org/doi/pdf/10.1145/3381990
HFL: Hybrid Fuzzing on the Linux Kernelhttps://www.ndss-symposium.org/ndss-paper/hfl-hybrid-fuzzing-on-the-linux-kernel/
notehttps://blog.csdn.net/wcventure/article/details/105281874
note2https://securitygossip.com/blog/2020/05/09/hfl-hybrid-fuzzing-on-the-linux-kernel/
note3https://mp.weixin.qq.com/s/RazaTgtrgrKfCFRKlBHyww
Krace: Data Race Fuzzing for Kernel File Systemshttps://www.computer.org/csdl/proceedings-article/sp/2020/349700b568/1iqVRYHTi24
notehttps://securitygossip.com/blog/2020/06/19/krace-data-race-fuzzing-for-kernel-file-systems/
presentationhttps://www.usenix.org/conference/usenixsecurity20/presentation/song
Muzz: Thread-aware Grey-box Fuzzing for Effective Bug Hunting in Multithreaded Programshttps://www.usenix.org/system/files/sec20-chen-hongxu.pdf
notehttps://securitygossip.com/blog/2020/09/18/muzz-thread-aware-grey-box-fuzzing-for-effective-bug-hunting-in-multithreaded-programs/
Exaggerated Error Handling Hurts! An In-Depth Study and Context-Aware Detectionhttps://www-users.cs.umn.edu/~kjlu/papers/eecatch.pdf
notehttps://securitygossip.com/blog/2020/08/04/exaggerated-error-handling-hurts-an-in-depth-study-and-context-aware-detection/
UBITect: A Precise and Scalable Method to Detect Use-Before-Initialization Bugs in Linux Kernelhttps://www.cs.ucr.edu/~csong/fse20-ubitect.pdf
notehttps://securitygossip.com/blog/2020/10/15/ubitect-a-precise-and-scalable-method-to-detect-use-before-initialization-bugs-in-linux-kernel/
KCSAN-Data-race detection in the Linux kernelhttps://www.linuxplumbersconf.org/event/7/contributions/647/attachments/549/972/LPC2020-KCSAN.pdf
2021-NDSShttps://www.ndss-symposium.org/ndss-program/ndss-2021/
Detecting Kernel Memory Leaks in Specialized Modules With Ownership Reasoninghttps://www.ndss-symposium.org/wp-content/uploads/ndss2021_5B-4_24416_paper.pdf
notehttps://securitygossip.com/blog/2021/01/12/detecting-kernel-memory-leaks-in-specialized-modules-with-ownership-reasoning/
KUBO: Precise and Scalable Detection of User-triggerable Undefined Behavior Bugs in OS Kernelhttps://www.ndss-symposium.org/wp-content/uploads/ndss2021_1B-5_24461_paper.pdf
notehttps://mp.weixin.qq.com/s/LI49ioKYMksguQMqKH1Rcw
Detecting Kernel Refcount Bugs with Two-Dimensional Consistency Checkinghttps://www.usenix.org/conference/usenixsecurity21/presentation/tan
https://github.com/facebook-cloud/kernel-security-learning#3kernel-defense
Practical Protection of Kernel Integrity for Commodity OS from Untrusted Extensionshttps://www.ndss-symposium.org/ndss2011/practical-protection-of-kernel-integrity-for-commodity-os-from-untrusted-extensions
SigGraph - Brute Force Scanning of Kernel Data Structure Instances Using Graph-based Signatureshttps://www.ndss-symposium.org/ndss2011/siggraph-brute-force-scanning-of-kernel-data-structure-instances-using-graph-based-signatures
Efficient Monitoring of Untrusted Kernel-Mode Executionhttps://www.ndss-symposium.org/ndss2011/efficient-monitoring-untrusted-kernel-mode-execution
Kruiser - Semi-synchronized Non-blocking Concurrent Kernel Heap Buffer Overflow Monitoringhttps://www.ndss-symposium.org/ndss2012/kruiser-semi-synchronized-non-blocking-concurrent-kernel-heap-buffer-overflow-monitoring
Improving Integer Security for Systems with KINThttps://www.usenix.org/conference/osdi12/technical-sessions/presentation/wang
Smashing the Gadgets - Hindering Return-Oriented Programming Using In-place Code Randomizationhttps://doi.org/10.1109/SP.2012.41
Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomizationhttps://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/giuffrida
Process firewalls - protecting processes during resource accesshttps://doi.org/10.1145/2465351.2465358
Attack Surface Metrics and Automated Compile-Time OS Kernel Tailoringhttps://www.ndss-symposium.org/ndss2013/attack-surface-metrics-and-automated-compile-time-os-kernel-tailoring
Just-In-Time Code Reuse - On the Effectiveness of Fine-Grained Address Space Layout Randomizationhttps://doi.org/10.1109/SP.2013.45
A Tale of Two Kernels - Towards Ending Kernel Hardening Wars with Split Kernelhttps://doi.org/10.1145/2660267.2660331
ROPecker - A Generic and Practical Approach For Defending Against ROP Attackshttps://www.ndss-symposium.org/ndss2014/ropecker-generic-and-practical-approach-defending-against-rop-attacks
Jitk - A Trustworthy In-Kernel Interpreter Infrastructurehttps://www.usenix.org/conference/osdi14/technical-sessions/presentation/wang_xi
KCoFI - Complete Control-Flow Integrity for Commodity Operating System Kernelshttps://doi.org/10.1109/SP.2014.26
Dancing with Giants - Wimpy Kernels for On-Demand Isolated I/Ohttps://doi.org/10.1109/SP.2014.27
Preventing Use-after-free with Dangling Pointers Nullificationhttps://www.ndss-symposium.org/ndss2015/preventing-use-after-free-dangling-pointers-nullification
Enforcing Kernel Security Invariants with Data Flow Integrityhttp://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2017/09/enforcing-kernal-security-invariants-data-flow-integrity.pdf
Light-Weight Contexts - An OS Abstraction for Safety and Performancehttps://www.usenix.org/conference/osdi16/technical-sessions/presentation/litton
EbbRT - A Framework for Building Per-Application Library Operating Systemshttps://www.usenix.org/conference/osdi16/technical-sessions/presentation/schatzberg
A Characterization of State Spill in Modern Operating Systemshttps://doi.org/10.1145/3064176.3064205
kRˆX: Comprehensive Kernel Protection Against Just-In-Time Code Reusehttps://doi.org/10.1145/3064176.3064216
slideshttp://www.cs.columbia.edu/~theofilos/files/slides/krx.pdf
PT-Rand - Practical Mitigation of Data-only Attacks against Page Tableshttps://www.ndss-symposium.org/ndss2017/ndss-2017-programme/pt-rand-practical-mitigation-data-only-attacks-against-page-tables/
NORAX - Enabling Execute-Only Memory for COTS Binaries on AArch64https://doi.org/10.1109/SP.2017.30
FreeGuard - A Faster Secure Heap Allocatorhttps://doi.org/10.1145/3133956.3133957
Lock-in-Pop - Securing Privileged Operating System Kernels by Keeping on the Beaten Pathhttps://www.usenix.org/conference/atc17/technical-sessions/presentation/li-yiwen
Can’t Touch This: Software-only Mitigation against Rowhammer Attacks targeting Kernel Memoryhttps://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/brasser
Oscar: A Practical Page-Permissions-Based Scheme for Thwarting Dangling Pointershttps://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/dang
LBM - A Security Framework for Peripherals within the Linux Kernelhttps://doi.org/10.1109/SP.2019.00041
SoK - Shining Light on Shadow Stackshttps://doi.org/10.1109/SP.2019.00076
SoK - Sanitizing for Securityhttps://doi.org/10.1109/SP.2019.00010
PeX: A Permission Check Analysis Framework for Linux Kernelhttps://www.usenix.org/conference/usenixsecurity19/presentation/zhang-tong
ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK)https://www.usenix.org/conference/usenixsecurity19/presentation/vahldiek-oberwagner
LXDs - Towards Isolation of Kernel Subsystemshttps://www.usenix.org/conference/atc19/presentation/narayanan
SafeHidden: An Efficient and Secure Information Hiding Technique Using Re-randomizationhttps://www.usenix.org/conference/usenixsecurity19/presentation/wang
xMP: Selective Memory Protection for Kernel and User Spacehttps://www.computer.org/csdl/proceedings-article/sp/2020/349700a603/1iqVRnCoPjq
SEIMI: Efficient and Secure SMAP-Enabled Intra-process Memory Isolationhttps://www.computer.org/csdl/proceedings-article/sp/2020/349700b332/1iqVRPB1xbG
notehttps://securitygossip.com/blog/2020/06/12/seimi-efficient-and-secure-smap-enabled-intra-process-memory-isolation/
Undo Workarounds for Kernel Bugshttps://www.usenix.org/conference/usenixsecurity21/presentation/talebi
SHARD: Fine-Grained Kernel Specialization with Context-Aware Hardeninghttps://www.usenix.org/conference/usenixsecurity21/presentation/abubakar
Preventing Use-After-Free Attacks with Fast Forward Allocationhttps://www.usenix.org/conference/usenixsecurity21/presentation/wickman
security things in every version of Linux mainlinehttps://outflux.net/blog/
PaX code analysishttps://github.com/hardenedlinux/grsecurity-101-tutorials/tree/master/grsec-code-analysis
A Decade of Linux Kernel Vulnerabilities, their Mitigation and Open Problems-2017https://github.com/maxking/linux-vulnerabilities-10-years
10_years_of_linux_security_by_grsecurity_2020https://grsecurity.net/10_years_of_linux_security.pdf
linux-kernel-defence-maphttps://github.com/a13xp0p0v/linux-kernel-defence-map
The State of Kernel Self Protection-2018https://outflux.net/slides/2018/lca/kspp.pdf
https://github.com/facebook-cloud/kernel-security-learning#4-android
Automatic Hot Patch Generation for Android Kernelshttps://www.usenix.org/conference/usenixsecurity20/presentation/xu
notehttps://securitygossip.com/blog/2020/03/31/automatic-hot-patch-generation-for-android-kernels/
https://github.com/facebook-cloud/kernel-security-learning#3-cve
Linux kernel 4.20 BPF 整数溢出漏洞分析https://www.cnblogs.com/bsauce/p/11560224.html
【kernel exploit】CVE-2017-5123 null任意地址写漏洞https://bsauce.github.io/2021/05/31/CVE-2017-5123/
【CVE-2017-7184】Linux xfrm模块越界读写提权漏洞分析https://www.cnblogs.com/bsauce/p/11634185.html
【kernel exploit】CVE-2017-7308 AF_PACKET 环形缓冲区溢出漏洞https://bsauce.github.io/2021/05/19/CVE-2017-7308/
【kernel exploit】CVE-2017-8890 Phoenix Talon漏洞分析与利用https://bsauce.github.io/2021/03/22/writeup-CVE-2017-8890/
【kernel exploit】CVE-2017-11176 竞态Double-Free漏洞调试https://bsauce.github.io/2021/02/21/CVE-2017-11176/
【CVE-2017-16995】Linux ebpf模块整数扩展问题导致提权漏洞分析https://www.cnblogs.com/bsauce/p/11583310.html
【kernel exploit】CVE-2017-1000112 UDP报文处理不一致导致堆溢出https://bsauce.github.io/2021/06/18/CVE-2017-1000112/
【kernel exploit】CVE-2020-8835:eBPF verifier 错误处理导致越界读写https://www.cnblogs.com/bsauce/p/14123111.html
【kernel exploit】BPF漏洞挖掘与CVE-2020-27194 整数溢出漏洞https://bsauce.github.io/2020/12/14/CVE-2020-27194/
【kernel exploit】CVE-2021-3156 sudo漏洞分析与利用https://bsauce.github.io/2021/02/01/writeup-CVE-2021-3156/
【kernel exploit】CVE-2021-26708 四字节写特殊竞争UAF转化为内核任意读写https://bsauce.github.io/2021/04/16/writeup-CVE-2021-26708/
【kernel exploit】CVE-2021-31440 eBPF边界计算错误漏洞https://bsauce.github.io/2021/06/09/CVE-2021-31440/
https://github.com/facebook-cloud/kernel-security-learning#4-tool
https://github.com/facebook-cloud/kernel-security-learning#5-debug--other-techniques
linux双机调试https://www.cnblogs.com/bsauce/p/11634162.html
linux内核漏洞利用初探(1):环境配置https://blog.csdn.net/panhewu9919/article/details/99438304
【linux内核调试】SystemTap使用技巧https://blog.csdn.net/panhewu9919/article/details/103113711
【linux内核调试】使用Ftrace来Hook linux内核函数https://www.jianshu.com/p/bf70a262787e
【linux内核调试】ftrace/kprobes/SystemTap内核调试方法对比https://www.jianshu.com/p/285c91c97c28
【KVM】KVM学习—实现自己的内核https://www.jianshu.com/p/5ec4507e9be0
https://github.com/facebook-cloud/kernel-security-learning#reference
linux-security-papershttps://github.com/akshithg/linux-security-papers
linux-kernel-exploitationhttps://github.com/xairy/linux-kernel-exploitation
GoSSIP_Software Security Grouphttps://securitygossip.com/blog/archives/
Readme https://github.com/facebook-cloud/kernel-security-learning#readme-ov-file
Please reload this pagehttps://github.com/facebook-cloud/kernel-security-learning
Activityhttps://github.com/facebook-cloud/kernel-security-learning/activity
0 forkshttps://github.com/facebook-cloud/kernel-security-learning/forks
Report repository https://github.com/contact/report-content?content_url=https%3A%2F%2Fgithub.com%2Ffacebook-cloud%2Fkernel-security-learning&report=facebook-cloud+%28user%29
Releaseshttps://github.com/facebook-cloud/kernel-security-learning/releases
Packages 0https://github.com/users/facebook-cloud/packages?repo_name=kernel-security-learning
Please reload this pagehttps://github.com/facebook-cloud/kernel-security-learning
Contributorshttps://github.com/facebook-cloud/kernel-security-learning/graphs/contributors
Please reload this pagehttps://github.com/facebook-cloud/kernel-security-learning
https://github.com
Termshttps://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacyhttps://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Securityhttps://github.com/security
Statushttps://www.githubstatus.com/
Communityhttps://github.community/
Docshttps://docs.github.com/
Contacthttps://support.github.com?tags=dotcom-footer

Viewport: width=device-width


URLs of crawlers that visited me.