My Infiltrate slides about recent progress in Windows kernel infoleak detection: http://j00ru.vexillium.org/slides/2018/infiltrate.pdf Topics covered: • Windows x64 instrumentation • Leaks to file systems • Double-write conditions • Visual Studio .pdb heap disclosure
Replying to @j00ru
Probably didn't find anything in the typical Linux userland interface because ~2013 we did some similar instrumentation to make some leaks fall out - modified the magic for STACKLEAK/SANITIZE to a value we told a fuzzer to never provide to the kernel, inspected copy_to_user for it
5 replies 3 retweets 11 likes
Replying to @grsecurity @j00ru
Just found this tweet. I did a similar trick with STACKLEAK and copy_to_user() half a year ago. Syzkaller on x86_64 defconfig didn't find any infoleaks... I also had to modify kernel timers and random api not to return the needed magic value to the userspace.
1 reply 0 retweets 0 likes
Replying to @a13xp0p0v @grsecurity
Interesting, thanks for noting this!
1:11 AM - 9 Aug 2018
0 replies 1 retweet 0 likes