Commit c37b23f

guohao.wang authored and Sn0rt committed
NEW: to prepare new section that is about kernel exp dev
Signed-off-by: guohao.wang <Sn0rt@abc.shop.edu.cn>
1 parent 5a58fc0 commit c37b23f

File tree

2 files changed

+26
-2
lines changed


chapter3/README.md

Lines changed: 2 additions & 2 deletions
@@ -7,11 +7,11 @@
77

88
## 套路研习
99

10-
[heap overflow using unlink on linux32](./linux-x86-unlink.md) 过期!
10+
[heap overflow using unlink on linux32](./linux-x86-unlink.md) 过时!
1111

1212
[heap overflow with using malloc maleficarum on linux32](./heap-overflow-uisng-malloc-maleficarum.md)
1313

14-
[off-by-one vulnerability (heap based) on linux32](./linux-x86-off-by-one.md) 过期!
14+
[off-by-one vulnerability (heap based) on linux32](./linux-x86-off-by-one.md) 过时!
1515

1616
[use after free on linux32](./linux-x86-UAF.md) 主流!
1717
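Review bot: the tag change from 过期 (expired) to 过时 (outdated) on lines 10 and 14 picks the right word, but a bare "过时!" still gives the reader no reason to skip the write-up; add a short parenthetical saying why the technique no longer works, or point to the entry that supersedes it, e.g. the malloc maleficarum write-up on line 12. The "主流!" (mainstream) tag on line 16 would benefit from the same one-line justification so the three markers read consistently.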

chapter4/README.md

Lines changed: 24 additions & 0 deletions
@@ -1 +1,25 @@
11
# 内核安全
2+
3+
## 安全机制
4+
5+
kernel ROP 非常类似于用户态的 ROP,主要区别是用户态使用`system()`来调用执行 shellcode,而内核 ROP 是通过`prepare_kernel_cred()`来提升权限,下面介绍 x86 上面 rop 构造 ret2dir。
6+
7+
[Linux kernel ROP](http://www.freebuf.com/articles/system/94198.html)
8+
9+
[ret2dir: Rethinking Kernel Isolation](http://www.cs.columbia.edu/~vpk/papers/ret2dir.sec14.pdf)
10+
11+
PXN 是 ARM 平台下的一项内核保护措施,该措施的目的是阻止内核执行用户态代码,保证内核的执行流程不会被劫持到用户空间。
12+
13+
[PXN 的研究与绕过](http://blog.csdn.net/hu3167343/article/details/47394707)
14+
15+
[Ownyour Android! Yet Another Universal Root](https://www.blackhat.com/docs/us-15/materials/us-15-Xu-Ah-Universal-Android-Rooting-Is-Back-wp.pdf)
16+
17+
## 现实案例研究
18+
19+
[CVE-2014-2851 group_info UAF Exploitation](http://www.freebuf.com/vuls/92465.html)
20+
21+
[(CVE-2015-3636) CVE-2015-3636 kernel: ping sockets: use-after-free leading to local privilege escalation](https://bugzilla.redhat.com/show_bug.cgi?id=1218074)
22+
23+
[ANALYSISAND EXPLOITATION OF A LINUX KERNEL VULNERABILITY (CVE-2016-0728)](http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/)
24+
25+
[]
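Review bot: line 5 (the kernel ROP paragraph) misstates both sides of the comparison and the sentence does not match what follows it. `prepare_kernel_cred()` only builds a credentials struct; the escalation step is the pair `commit_creds(prepare_kernel_cred(0))`, and the user-space counterpart is a chain that reaches `system()`/`execve()` or `mprotect()` before jumping to shellcode, not "uses `system()` to execute shellcode". Also "下面介绍 x86 上面 rop 构造 ret2dir" promises an x86 ret2dir walkthrough, but lines 7 and 9 are only two links, and ret2dir (line 9) is a distinct technique that abuses the kernel's direct-mapped physical memory rather than a way of building a ROP chain; either split the sentence or reword it as a pointer to the two references. Smaller points: line 21's link text repeats the identifier ("(CVE-2015-3636) CVE-2015-3636"), line 23 has "ANALYSISAND" for "ANALYSIS AND", and line 25 is an empty `[]` that renders as literal brackets; remove it or fill in the pending link before merging.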
