My Infiltrate slides about recent progress in Windows kernel infoleak detection: http://j00ru.vexillium.org/slides/2018/infiltrate.pdf Topics covered: • Windows x64 instrumentation • Leaks to file systems • Double-write conditions • Visual Studio .pdb heap disclosure
Replying to @j00ru
Probably didn't find anything in the typical Linux userland interface because ~2013 we did some similar instrumentation to make some leaks fall out - modified the magic for STACKLEAK/SANITIZE to a value we told a fuzzer to never provide to the kernel, inspected copy_to_user for it
5 replies 3 retweets 11 likes
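The technique grsecurity describes above (poison kernel memory with a magic value a fuzzer is told never to supply, then watch copy_to_user for that value) can be modelled in userspace. The following is an added illustration, not code from grsecurity, from STACKLEAK/SANITIZE, or from the slides linked in the thread: the poison byte, the `struct reply` layout, the `MIN_RUN` threshold and every function name are constructed for this example. A stack frame is pre-filled with the poison, a buggy handler initialises its reply field by field (leaving padding and one field untouched), and the copy-to-user stand-in refuses the copy when a run of poison bytes would reach the caller.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed poison byte: the value the fuzzer is told never to pass in,
 * so its presence in an outgoing copy can only come from kernel memory. */
#define POISON_BYTE 0xAB
/* Constructed threshold: short runs may be legitimate data, long runs are
 * almost certainly uninitialised memory. */
#define MIN_RUN 4

/* Constructed reply structure with natural padding after `kind` and `flags`. */
struct reply {
    uint8_t  kind;     /* followed by 3 bytes of padding */
    uint32_t value;
    uint16_t flags;    /* followed by 6 bytes of padding on a 64-bit ABI */
    uint64_t cookie;
};

/* Models STACKLEAK-style frame poisoning: fill the object before use. */
static void poison(void *p, size_t n) { memset(p, POISON_BYTE, n); }

/* Length of the longest run of POISON_BYTE in buf (0 if absent). */
size_t longest_poison_run(const uint8_t *buf, size_t n) {
    size_t best = 0, cur = 0;
    for (size_t i = 0; i < n; i++) {
        cur = (buf[i] == POISON_BYTE) ? cur + 1 : 0;
        if (cur > best) best = cur;
    }
    return best;
}

/* Hypothetical copy_to_user wrapper: inspect the source bytes first and
 * report an infoleak instead of copying when poison would escape. */
int checked_copy_to_user(uint8_t *user_dst, const void *kernel_src, size_t n) {
    size_t run = longest_poison_run((const uint8_t *)kernel_src, n);
    if (run >= MIN_RUN)
        return -1;          /* leak detected: `run` poison bytes outbound */
    memcpy(user_dst, kernel_src, n);
    return 0;
}

/* Leaky handler: field-wise initialisation leaves padding and `cookie`
 * holding whatever was on the stack (here: the poison). */
int handler_leaky(uint8_t *user_dst) {
    struct reply r;
    poison(&r, sizeof r);
    r.kind = 1;
    r.value = 42;
    r.flags = 0x10;
    /* r.cookie intentionally not set */
    return checked_copy_to_user(user_dst, &r, sizeof r);
}

/* Fixed handler: clear the whole object (padding included) before filling it. */
int handler_fixed(uint8_t *user_dst) {
    struct reply r;
    poison(&r, sizeof r);
    memset(&r, 0, sizeof r);
    r.kind = 1;
    r.value = 42;
    r.flags = 0x10;
    r.cookie = 0;
    return checked_copy_to_user(user_dst, &r, sizeof r);
}

int main(void) {
    uint8_t user_buf[sizeof(struct reply)];
    printf("leaky handler: %s\n", handler_leaky(user_buf) ? "leak detected" : "clean");
    printf("fixed handler: %s\n", handler_fixed(user_buf) ? "leak detected" : "clean");
    return 0;
}
```

The run-length threshold is the same trade-off the thread alludes to: a single poison byte can occur in legitimate data, so the detector keys on a value the fuzzer is barred from supplying and on runs long enough that coincidence is unlikely; in a real harness the reported offset and length point straight at the uninitialised field or padding.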
Replying to @grsecurity
Always one step ahead! :) It's surely one of the reasons I didn't have an easy time hunting for Linux infoleaks. Is this effort documented somewhere publicly so that I can cite it properly?
1 reply 0 retweets 4 likes
Just one of the many things we do without talking much (or at all) about it. For some more history, around that same time @jvanegue was being persistent in viewing SIZE_OVERFLOW in terms of how many bugs it found -- when the answer (same as in your case) is however many...
1 reply 0 retweets 1 like
Replying to @grsecurity @j00ru
you can trigger via a fuzzer (https://twitter.com/jvanegue/status/373212998091161601 etc). At Sacicon we fully explained it and he finally got it, and I also mentioned how we were repurposing other plugins for the same bug-finding goal. He thought it was novel and we should write a paper about it...
2 replies 0 retweets 1 like
did you really dig up a 2013 tweet to justify your point and throw me under the bus all at once? Nicely done
1 reply 0 retweets 0 likes
I was providing the historical context (that you could vouch for, since there's no public mention of it). I didn't know that mentioning something you were adamant about in public constitutes 'throwing under the bus', but it is true that you've been hostile ever since being wrong
1 reply 0 retweets 0 likes
what kind of wrongness you borrow me from back then I don't know! I just recall a friendly meeting in Sao Paulo
1 reply 0 retweets 0 likes
I am open and even enjoy being wronged, that's how I learn. No need to make it personal. Also, great work @j00ru!
1 reply 0 retweets 1 like
Thanks Julien!