Need help with kernel-security-learning?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

253 Stars 34 Forks 33 Commits 0 Opened issues


Anything about kernel security. CTF kernel pwn, kernel exploit, kernel fuzz and kernel defense paper, kernel debugging technique, kernel CVE debug.

Services available


Need anything else?

Contributors list

# 119,569
33 commits


Anything about kernel security. CTF kernel pwn & kernel exploit, kernel fuzz and kernel defense paper & kernel debugging technique & kernel CVE debug.

Keep updating...

1. CTF

  1. linux内核漏洞利用初探(1):环境配置
  2. linux内核漏洞利用初探(2):demo-null_dereference
  3. linux内核漏洞利用初探(3):demo-stack_overflow
  4. 【Linux内核漏洞利用】2018强网杯core_栈溢出
  5. 【Linux内核漏洞利用】CISCN2017-babydriver_UAF漏洞
  6. 【Linux内核漏洞利用】0CTF2018-baby-double-fetch
  7. 【Linux内核漏洞利用】强网杯2018-solid_core-任意读写
  8. 【linux内核漏洞利用】StringIPC—从任意读写到权限提升三种方法
  9. 【linux内核漏洞利用】STARCTF 2019 hackme—call_usermodehelper提权路径变量总结
  10. 【linux内核漏洞利用】WCTF 2018 klist—竞争UAF-pipe堆喷
  11. 【linux内核漏洞利用】TokyoWesternsCTF-2019-gnote Double-Fetch
  12. 【linux内核userfaultfd使用】Balsn CTF 2019 - KrazyNote
  13. linux内核提权系列教程(1):堆喷射函数sendmsg与msgsend利用
  14. linux内核提权系列教程(2):任意地址读写到提权的4种方法
  15. linux内核提权系列教程(3):栈变量未初始化漏洞
  16. 【linux内核漏洞利用】ret2dir利用方法
  17. 【内核漏洞利用】绕过CONFIGSLABFREELIST_HARDENED防护—kernoob两种解法

2. Paper

(1)kernel exploit

  1. 2014-USENIX:ret2dir: Rethinking Kernel Isolation
  2. 2015-CCS:From collision to exploitation_ Unleashing Use-After-Free vulnerabilities in Linux Kernel
  3. 2016-CCS:Prefetch Side-Channel Attacks - Bypassing SMAP and Kernel ASLR
  4. 2016-CCS:Breaking Kernel Address Space Layout Randomization with Intel TSX
  5. 2017-CCS:SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits
  6. 2017-NDSS:Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying — 【note
  7. 2018-USENIX:FUZE-Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities — 【note】【tool-FUZE
  8. 2019-USENIX:KEPLER-Facilitating Control-flow Hijacking Primitive Evaluation for Linux Kernel Vulnerabilities — 【note】【tool-KEPLER
  9. 2019-CCS:SLAKE-Facilitating Slab Manipulation for Exploiting Vulnerabilities in the Linux Kernel — 【note】【tool-SLAKE
  10. 2020-USENIX:KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities — 【note】【note2】【tool-KOOBE
  11. 2020-CCS:A Systematic Study of Elastic Objects in Kernel Exploitation — 【note】【note2】【tool-ELOISE
  12. 2020-WOOT:Exploiting Uses of Uninitialized Stack Variables in Linux Kernels to Leak Kernel Pointers
  13. 2021-USENIX:ExpRace: Exploiting Kernel Races through Raising Interrupts — 【note

(2)kernel vulerability detection

  1. 2012-OSDI:Improving integer security for systems with KINT
  2. 2014-Black Hat:QSEE TrustZone Kernel Integer Overflow
  3. 2014-USENIX:Static Analysis of Variability in System Software - The 90, 000 #ifdefs Issue
  4. 2014-OSDI:SKI:Exposing Kernel Concurrency Bugs through Systematic Schedule Exploration
  5. 2015-SOSP:Cross-checking semantic correctness: The case of finding file system bugs — 【tool-JUXTA
  6. 2016-USENIX:UniSan-Proactive Kernel Memory Initialization to Eliminate Data Leakages — 【note】【tool-unisan
  7. 2016-USENIX:APISan: Sanitizing API Usages through Semantic Cross-Checking — 【tool-apisan
  8. 2017-EUROSYS:DangSan - Scalable Use-after-free Detection — 【tool-dangsan
  9. 2017-USENIX-ATC:CAB-Fuzz:Practical Concolic Testing Techniques for {COTS} Operating Systems
  10. 2017-CCS:DIFUZE-Interface Aware Fuzzing for Kernel Drivers — 【note】【tool-difuze
  11. 2017-USENIX:Digtool- A Virtualization-Based Framework for Detecting Kernel Vulnerabilities-usenix — 【note】【note2】【note3】【note4
  12. 2017-USENIX:How Double-Fetch Situations turn into DoubleFetch — 【note】【tool
  13. 2017-USENIX:DR. CHECKER- A Soundy Analysis for Linux Kernel Drivers — 【tool-dr_checker
  14. 2017-USENIX:kAFL- Hardware-Assisted Feedback Fuzzing for OS Kernels — 【note】【tool-kAFL
  15. 2018-S&P:DEADLINE-Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels — 【note】【note2】【note3】【tool-DEADLINE
  16. 2018-CCS:Check It Again- Detecting Lacking-Recheck Bugs in OS Kernels — 【note】【note2】【tool-LRSan
  17. 2018-USENIX:MoonShine:Optimizing OS Fuzzer Seed Selection with Trace Distillation — 【note】【note2】【tool-moonshine
  18. 2018-NDSS:K-Miner: Uncovering Memory Corruption in Linux — 【note】【note2】【tool-K-Miner
  19. 2019-S&P:Razzer:Finding Kernel Race Bugs through Fuzzing — 【note】【note2】【note3】【tool-razzer
  20. 2019-WOOT-Workshop:Unicorefuzz- On the Viability of Emulation for Kernelspace Fuzzing — 【tool-unicorefuzz
  21. 2019-FSE:Detecting Concurrency Memory Corruption Vulnerabilities — 【tool-CONVUL
  22. 2019-S&P:Fuzzing File Systems via Two-Dimensional Input Space Exploration — 【note】 【note2】【tool-JANUS
  23. 2019-USENIX:Detecting Missing-Check Bugs via Semantic- and Context-Aware Criticalness and Constraints Inferences — 【tool-CRIX
  24. 2019-USENIX-ATC:Effective Static Analysis of Concurrency Use-After-Free Bugs in Linux Device Drivers — 【note
  25. 2019-NDSS:PeriScope:An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary — 【note】【tool-periscope
  26. 2018-USENIX-ATC:DSAC: Effective Static Analysis of Sleep-in-Atomic-Context Bugs in Kernel Modules
  27. 2020-TOCS:Effective Detection of Sleep-in-atomic-context Bugs in the Linux Kernel
  28. 2020-NDSS:HFL: Hybrid Fuzzing on the Linux Kernel — 【note】【note2】【note3
  29. 2020-S&P:Krace: Data Race Fuzzing for Kernel File Systems — 【note
  30. 2020-USENIX:Agamotto: Accelerating Kernel Driver Fuzzing with Lightweight Virtual Machine Checkpoints — presentation
  31. 2020-USENIX:Muzz: Thread-aware Grey-box Fuzzing for Effective Bug Hunting in Multithreaded Programs — 【note
  32. 2020-CCS:Exaggerated Error Handling Hurts! An In-Depth Study and Context-Aware Detection —【note
  33. 2020-FSE:UBITect: A Precise and Scalable Method to Detect Use-Before-Initialization Bugs in Linux Kernel — 【note
  34. 2020-LPC:KCSAN-Data-race detection in the Linux kernel
  35. 2021-NDSSDetecting Kernel Memory Leaks in Specialized Modules With Ownership Reasoning — 【note
  36. 2021-NDSS:KUBO: Precise and Scalable Detection of User-triggerable Undefined Behavior Bugs in OS Kernel — 【note
  37. 2021-USENIX:Detecting Kernel Refcount Bugs with Two-Dimensional Consistency Checking
  38. 2021-CCS:Statically Discovering High-Order Taint Style Vulnerabilities in OS Kernels — 【note

(3)kernel defense

  1. 2011-NDSS:Practical Protection of Kernel Integrity for Commodity OS from Untrusted Extensions
  2. 2011-NDSS:SigGraph - Brute Force Scanning of Kernel Data Structure Instances Using Graph-based Signatures
  3. 2011-NDSS:Efficient Monitoring of Untrusted Kernel-Mode Execution
  4. 2012-NDSS:Kruiser - Semi-synchronized Non-blocking Concurrent Kernel Heap Buffer Overflow Monitoring
  5. 2012-OSDI:Improving Integer Security for Systems with KINT
  6. 2012-S&P:Smashing the Gadgets - Hindering Return-Oriented Programming Using In-place Code Randomization
  7. 2012-USS:Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization
  8. 2013-EUROSYS:Process firewalls - protecting processes during resource access
  9. 2013-NDSS:Attack Surface Metrics and Automated Compile-Time OS Kernel Tailoring
  10. 2013-S&P:Just-In-Time Code Reuse - On the Effectiveness of Fine-Grained Address Space Layout Randomization
  11. 2014-CCS:A Tale of Two Kernels - Towards Ending Kernel Hardening Wars with Split Kernel
  12. 2014-NDSS:ROPecker - A Generic and Practical Approach For Defending Against ROP Attacks
  13. 2014-OSDI:Jitk - A Trustworthy In-Kernel Interpreter Infrastructure
  14. 2014-S&P:KCoFI - Complete Control-Flow Integrity for Commodity Operating System Kernels
  15. 2014-S&P:Dancing with Giants - Wimpy Kernels for On-Demand Isolated I/O
  16. 2015-NDSS:Preventing Use-after-free with Dangling Pointers Nullification
  17. 2016-NDSS:Enforcing Kernel Security Invariants with Data Flow Integrity
  18. 2016-OSDI:Light-Weight Contexts - An OS Abstraction for Safety and Performance
  19. 2016-OSDI:EbbRT - A Framework for Building Per-Application Library Operating Systems
  20. 2017-EUROSYS:A Characterization of State Spill in Modern Operating Systems
  21. 2017-EUROSYS:kRˆX: Comprehensive Kernel Protection Against Just-In-Time Code Reuseslides
  22. 2017-NDSS:PT-Rand - Practical Mitigation of Data-only Attacks against Page Tables
  23. 2017-S&P:NORAX - Enabling Execute-Only Memory for COTS Binaries on AArch64
  24. 2017-CCS:FreeGuard - A Faster Secure Heap Allocator
  25. 2017-USENIX:Lock-in-Pop - Securing Privileged Operating System Kernels by Keeping on the Beaten Path
  26. 2017-USENIX:Can’t Touch This: Software-only Mitigation against Rowhammer Attacks targeting Kernel Memory
  27. 2017-USENIX:Oscar: A Practical Page-Permissions-Based Scheme for Thwarting Dangling Pointers
  28. 2019-S&P:LBM - A Security Framework for Peripherals within the Linux Kernel
  29. 2019-S&P:SoK - Shining Light on Shadow Stacks
  30. 2019-S&P:SoK - Sanitizing for Security
  31. 2019-USENIX:PeX: A Permission Check Analysis Framework for Linux Kernel
  32. 2019-USENIX:ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK)
  33. 2019-USENIX:LXDs - Towards Isolation of Kernel Subsystems
  34. 2019-USENIX:SafeHidden: An Efficient and Secure Information Hiding Technique Using Re-randomization
  35. 2020-S&P:xMP: Selective Memory Protection for Kernel and User Space
  36. 2020-S&P:SEIMI: Efficient and Secure SMAP-Enabled Intra-process Memory Isolation — 【note
  37. 2021-USENIX:Undo Workarounds for Kernel Bugs
  38. 2021-USENIX:SHARD: Fine-Grained Kernel Specialization with Context-Aware Hardening
  39. 2021-USENIX:Preventing Use-After-Free Attacks with Fast Forward Allocation

other resources:

  1. security things in every version of Linux mainline
  2. PaX code analysis
  3. A Decade of Linux Kernel Vulnerabilities, their Mitigation and Open Problems-2017
  4. 10yearsoflinuxsecuritybygrsecurity_2020—— security mechanism timeline
  5. linux-kernel-defence-map
  6. linux_mitigations
  7. The State of Kernel Self Protection-2018

(4) Android

  1. 2020-USEINX:Automatic Hot Patch Generation for Android Kernels—自动给安卓打补丁 【note

3. CVE

  1. Linux kernel 4.20 BPF 整数溢出漏洞分析
  2. 【kernel exploit】CVE-2017-5123 null任意地址写漏洞
  3. 【CVE-2017-7184】Linux xfrm模块越界读写提权漏洞分析
  4. 【kernel exploit】CVE-2017-7308 AF_PACKET 环形缓冲区溢出漏洞
  5. 【kernel exploit】CVE-2017-8890 Phoenix Talon漏洞分析与利用
  6. 【kernel exploit】CVE-2017-11176 竞态Double-Free漏洞调试
  7. 【CVE-2017-16995】Linux ebpf模块整数扩展问题导致提权漏洞分析
  8. 【kernel exploit】CVE-2017-1000112 UDP报文处理不一致导致堆溢出
  9. 【kernel exploit】CVE-2020-8835:eBPF verifier 错误处理导致越界读写
  10. 【kernel exploit】BPF漏洞挖掘与CVE-2020-27194 整数溢出漏洞
  11. 【kernel exploit】CVE-2021-3156 sudo漏洞分析与利用
  12. 【kernel exploit】CVE-2021-26708 四字节写特殊竞争UAF转化为内核任意读写
  13. 【kernel exploit】CVE-2021-31440 eBPF边界计算错误漏洞

4. Tool

5. Debug & other techniques

  1. linux双机调试
  2. linux内核漏洞利用初探(1):环境配置
  3. 【linux内核调试】SystemTap使用技巧
  4. 【linux内核调试】使用Ftrace来Hook linux内核函数
  5. 【linux内核调试】ftrace/kprobes/SystemTap内核调试方法对比
  6. 【KVM】KVM学习—实现自己的内核




GoSSIP_Software Security Group

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.