Commit c37b23f

guohao.wang authored and Sn0rt committed
NEW: to prepare new section that is about kernel exp dev
Signed-off-by: guohao.wang <[email protected]>
1 parent 5a58fc0 commit c37b23f

2 files changed

+26
-2
lines changed

chapter3/README.md

Lines changed: 2 additions & 2 deletions
@@ -7,11 +7,11 @@
77

88
## 套路研习
99

10-
[heap overflow using unlink on linux32](./linux-x86-unlink.md) 过期
10+
[heap overflow using unlink on linux32](./linux-x86-unlink.md) 过时
1111

1212
[heap overflow with using malloc maleficarum on linux32](./heap-overflow-uisng-malloc-maleficarum.md)
1313

14-
[off-by-one vulnerability (heap based) on linux32](./linux-x86-off-by-one.md) 过期
14+
[off-by-one vulnerability (heap based) on linux32](./linux-x86-off-by-one.md) 过时
1515

1616
[use after free on linux32](./linux-x86-UAF.md) 主流!
1717

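Review bot: the two entries relabelled from 过期 to 过时 in this hunk are marked "outdated" without saying what made them so or what the reader should study instead; a short parenthetical on each line (which mitigation or library change retired the technique, and which entry in the list supersedes it) would make the label useful rather than a bare warning. While touching this list, the unchanged context line `[heap overflow with using malloc maleficarum on linux32](./heap-overflow-uisng-malloc-maleficarum.md)` carries a typo in both the link text ("with using") and the file name ("uisng"); the path typo in particular will keep propagating until the file is renamed together with the link.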
chapter4/README.md

Lines changed: 24 additions & 0 deletions
@@ -1 +1,25 @@
11
# 内核安全
2+
3+
## 安全机制
4+
5+
kernel ROP 非常类似于用户态的 ROP,主要区别是用户态使用`system()`来调用执行 shellcode,而内核 ROP 是通过`prepare_kernel_cred()`来提升权限,下面介绍 x86 上面 rop 构造 ret2dir。
6+
7+
[Linux kernel ROP](http://www.freebuf.com/articles/system/94198.html)
8+
9+
[ret2dir: Rethinking Kernel Isolation](http://www.cs.columbia.edu/~vpk/papers/ret2dir.sec14.pdf)
10+
11+
PXN 是 ARM 平台下的一项内核保护措施,该措施的目的是阻止内核执行用户态代码,保证内核的执行流程不会被劫持到用户空间。
12+
13+
[PXN 的研究与绕过](http://blog.csdn.net/hu3167343/article/details/47394707)
14+
15+
[Ownyour Android! Yet Another Universal Root](https://www.blackhat.com/docs/us-15/materials/us-15-Xu-Ah-Universal-Android-Rooting-Is-Back-wp.pdf)
16+
17+
## 现实案例研究
18+
19+
[CVE-2014-2851 group_info UAF Exploitation](http://www.freebuf.com/vuls/92465.html)
20+
21+
[(CVE-2015-3636) CVE-2015-3636 kernel: ping sockets: use-after-free leading to local privilege escalation](https://bugzilla.redhat.com/show_bug.cgi?id=1218074)
22+
23+
[ANALYSISAND EXPLOITATION OF A LINUX KERNEL VULNERABILITY (CVE-2016-0728)](http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/)
24+
25+
[]

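Review bot: the sentence on line 5 of the new chapter4/README.md describes kernel ROP inaccurately and promises content the hunk does not deliver. `prepare_kernel_cred()` only constructs a credential structure and does not by itself change the privilege of the calling task, so "通过`prepare_kernel_cred()`来提升权限" is incomplete; either describe the step correctly (the linked Linux kernel ROP article does) or leave the mechanism to the link. The same sentence ends with "下面介绍 x86 上面 rop 构造 ret2dir", but nothing follows except two links, so either drop that clause or add the promised walkthrough. Structurally, ROP and ret2dir are attack techniques rather than protections, yet they sit under "## 安全机制" alongside PXN, which is a protection; consider a separate heading for techniques, or reword the heading. Smaller issues in the same hunk: line 25 adds an empty link `[]` that should be removed or filled; line 21 repeats the identifier in "(CVE-2015-3636) CVE-2015-3636 ..."; and the link texts "Ownyour Android!" and "ANALYSISAND EXPLOITATION" are missing spaces.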