└── README.md


/README.md:
--------------------------------------------------------------------------------
 1 | # Kernel Exploitation Resources
 2 | ## Windows
 3 | 1. https://labs.mwrinfosecurity.com/blog/windows-8-kernel-memory-protections-bypass/
 4 | 1. https://labs.mwrinfosecurity.com/blog/a-tale-of-bitmaps/
 5 | 1. https://dl.packetstormsecurity.net/papers/general/SMEP_overview_and_partial_bypass_on_Windows_8.pdf
 6 | 1. https://www.coresecurity.com/blog/ms16-039-windows-10-64-bits-integer-overflow-exploitation-by-using-gdi-objects
 7 | 1. https://www.coresecurity.com/system/files/publications/2016/05/Windows%20SMEP%20bypass%20U%3DS.pdf
 8 | 1. https://cansecwest.com/slides/2016/CSW2016_Economou-Nissim_GettingPhysical.pdf
 9 | 1. https://blogs.technet.microsoft.com/mmpc/2017/03/27/detecting-and-mitigating-elevation-of-privilege-exploit-for-cve-2017-0005/
10 | 1. https://www.virusbulletin.com/uploads/pdf/conference_slides/2015/OhFlorio-VB2015.pdf
11 | 1. https://blogs.technet.microsoft.com/mmpc/2017/01/13/hardening-windows-10-with-zero-day-exploit-mitigations/
12 | 1. http://www.codemachine.com/article_kernelstruct.html
13 | 1. http://www.codemachine.com/article_x64deepdive.html
14 | 1. https://www.coresecurity.com/system/files/publications/2016/10/Abusing-GDI-Reloaded-ekoparty-2016_0.pdf
15 | 1. https://www.coresecurity.com/blog/abusing-gdi-for-ring0-exploit-primitives
16 | 1. http://www.fuzzysecurity.com/tutorials/expDev/22.html
17 | 1. http://blog.trendmicro.com/trendlabs-security-intelligence/one-bit-rule-system-analyzing-cve-2016-7255-exploit-wild/
18 | 1. https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-securitay-2017-samdb-a-window-into-ring0.pdf
19 | 1. https://www.blackhat.com/docs/asia-16/materials/asia-16-Wang-A-New-CVE-2015-0057-Exploit-Technology-wp.pdf
20 | 1. https://media.blackhat.com/bh-us-11/Mandt/BH_US_11_Mandt_win32k_WP.pdf
21 | 1. https://github.com/55-AA/CVE-2016-3308
22 | 1. https://www.nccgroup.trust/globalassets/newsroom/uk/blog/documents/2015/07/exploiting-cve-2015.pdf
23 | 1. https://github.com/sam-b/windows_kernel_address_leaks/blob/master/notes/gSharedInfo.md
24 | 1. https://2016.zeronights.ru/wp-content/uploads/2016/12/Win10LPE.pdf
25 | 1. https://blogs.technet.microsoft.com/yongrhee/2009/06/23/pool-tag-list/
26 | 1. http://picturoku.blogspot.com/2011/12/bit-away-from-kernel-execution.html
27 | 1. https://improsec.com/blog//windows-kernel-shellcode-on-windows-10-part-4-there-is-no-code
28 | 1. https://twitter.com/FuzzySec/status/882025887071440897
29 | 1. http://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-7/
30 | 1. http://trackwatch.com/windows-kernel-pool-spraying/
31 | 1. http://slides.com/theduck/deck#/
32 | 1. http://www.iceswordlab.com/2017/06/14/Automatically-Discovering-Windows-Kernel-Information-Leak-Vulnerabilities_en/
33 | 1. http://illmatics.com/Windows%208%20Heap%20Internals%20(Slides).pdf
34 | 1. http://2014.zeronights.org/assets/files/slides/data-only-pwning-windows-kernel.pptx
35 | 1. https://github.com/MortenSchenk/BHUSA2017
36 | 1. http://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-10/
37 | 


--------------------------------------------------------------------------------