I got 99 problems but a kernel pointer ain't one
- Type
- Slides
- Tags
- Windows
- Authors
- Alex Ionescu
- Event
- REcon 2013
- Indexed on
- Sep 13, 2014
- URL
- http://recon.cx/2013/slides/Recon2013-Alex%20Ionescu-I%20got%2099%20problems%20but%20a%20kernel%20pointer%20ain%27t%20one.pdf
- File name
- Recon2013-Alex%20Ionescu-I%20got%2099%20problems%20but%20a%20kernel%20pointer%20ain%27t%20one.pdf
- File size
- 9.0 MB
- MD5
- c0956b2d5c4e2b5de2b18c9f2e71a619
- SHA1
- fe386dbd65b15b2e571bcb822f16707d02feca4e
While Windows has been becoming a tighter and tighter ship with increased mitigations added each release, the local availability of kernel addresses has barely been addressed, except in the context of some ASLR bypasses in Windows 8. This presentation will collect many of the already-known info leaks in one single source, and then proceed by presenting some unknown and novel info leaks in the kernel. Other than documented and undocumented APIs to retrieve kernel pointers, we'll also take a look at static addresses, physical address leaks, as well as architectural leaks (such as TPIDRURO on ARM).
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
