# Kernel Exploitation Resources

## Windows

1. https://labs.mwrinfosecurity.com/blog/windows-8-kernel-memory-protections-bypass/
1. https://labs.mwrinfosecurity.com/blog/a-tale-of-bitmaps/
1. https://dl.packetstormsecurity.net/papers/general/SMEP_overview_and_partial_bypass_on_Windows_8.pdf
1. https://www.coresecurity.com/blog/ms16-039-windows-10-64-bits-integer-overflow-exploitation-by-using-gdi-objects
1. https://www.coresecurity.com/system/files/publications/2016/05/Windows%20SMEP%20bypass%20U%3DS.pdf
1. https://cansecwest.com/slides/2016/CSW2016_Economou-Nissim_GettingPhysical.pdf
1. https://blogs.technet.microsoft.com/mmpc/2017/03/27/detecting-and-mitigating-elevation-of-privilege-exploit-for-cve-2017-0005/
1. https://www.virusbulletin.com/uploads/pdf/conference_slides/2015/OhFlorio-VB2015.pdf
1. https://blogs.technet.microsoft.com/mmpc/2017/01/13/hardening-windows-10-with-zero-day-exploit-mitigations/
1. http://www.codemachine.com/article_kernelstruct.html
1. http://www.codemachine.com/article_x64deepdive.html
1. https://www.coresecurity.com/system/files/publications/2016/10/Abusing-GDI-Reloaded-ekoparty-2016_0.pdf
1. https://www.coresecurity.com/blog/abusing-gdi-for-ring0-exploit-primitives
1. http://www.fuzzysecurity.com/tutorials/expDev/22.html
1. http://blog.trendmicro.com/trendlabs-security-intelligence/one-bit-rule-system-analyzing-cve-2016-7255-exploit-wild/
1. https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-securitay-2017-samdb-a-window-into-ring0.pdf
1. https://www.blackhat.com/docs/asia-16/materials/asia-16-Wang-A-New-CVE-2015-0057-Exploit-Technology-wp.pdf
1. https://media.blackhat.com/bh-us-11/Mandt/BH_US_11_Mandt_win32k_WP.pdf
1. https://github.com/55-AA/CVE-2016-3308
1. https://www.nccgroup.trust/globalassets/newsroom/uk/blog/documents/2015/07/exploiting-cve-2015.pdf
1. https://github.com/sam-b/windows_kernel_address_leaks/blob/master/notes/gSharedInfo.md
1. https://2016.zeronights.ru/wp-content/uploads/2016/12/Win10LPE.pdf
1. https://blogs.technet.microsoft.com/yongrhee/2009/06/23/pool-tag-list/
1. http://picturoku.blogspot.com/2011/12/bit-away-from-kernel-execution.html
1. https://improsec.com/blog//windows-kernel-shellcode-on-windows-10-part-4-there-is-no-code
1. https://twitter.com/FuzzySec/status/882025887071440897
1. http://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-7/
1. http://trackwatch.com/windows-kernel-pool-spraying/
1. http://slides.com/theduck/deck#/
1. http://www.iceswordlab.com/2017/06/14/Automatically-Discovering-Windows-Kernel-Information-Leak-Vulnerabilities_en/
1. http://illmatics.com/Windows%208%20Heap%20Internals%20(Slides).pdf
1. http://2014.zeronights.org/assets/files/slides/data-only-pwning-windows-kernel.pptx
1. https://github.com/MortenSchenk/BHUSA2017
1. http://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-10/