Linux kernel N-day vulnerability analysis

표제 관련 연구/학습 중 필요 시 자주 참고하는 사이트를 정리해놓았습니다.

 

---

 

0. Basic information about specific vulnerability

 

- National Vulnerability Database

 

- Mitre

 

- CVE detail

 

- Syzbot - Missing backport

 

- Syzbot - Open

 

- Syzbot - Fixed

 

- Syzbot - Invaild

 

- Linux Kernel CVEs

 

- kernel dance, Add kernel commit ids up to the seventh one

 

---

 

1. N-Day Vulnerability analysis report (include mailing list)

 

- Project Zero blog, Ctrl+f: kernel

 

- ZeroDayInitiative blog, Search: Linux kernel

 

- lore.kernel.org, Search: exploitable, exploit, vulnerable, etc...

 

- OSS security, Ctrl+f: linux, linux kernel

 

- 0-Day report templete

 

- linux-kernel-exploitation

 

- linux-kernel-exploits

 

- kernel-exploit-factory

 

- STAR labs's CVEs

 

- And a lot of other researchers' publicly available analysis reports

 

- publicly available materials from Blackhat, USENIX, LPC, and others.

 

---

 

2. a little bit of tools (exclude Fuzzers, Sanitizers, Static analysis tools)

 

- kgdb

 

- like-dbg, Fully dockerized Linux kernel debugging environment

 

- pretty-printk, A more visible version of printk

 

- slabdbg

 

- libslub

 

- kernel_obj_finder

 

- A few other open source analytics tools, and personal tools...