My Infiltrate slides about recent progress in Windows kernel infoleak detection: http://j00ru.vexillium.org/slides/2018/infiltrate.pdf Topics covered: • Windows x64 instrumentation • Leaks to file systems • Double-write conditions • Visual Studio .pdb heap disclosure
Replying to @j00ru
Probably didn't find anything in the typical Linux userland interface because ~2013 we did some similar instrumentation to make some leaks fall out - modified the magic for STACKLEAK/SANITIZE to a value we told a fuzzer to never provide to the kernel, inspected copy_to_user for it
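The poison-value approach described in the tweet above, as an added, self-contained illustration that is not grsecurity's instrumentation or any code from the slides: a stack frame is filled with a marker byte the fuzzer is told never to supply (assumed here to be 0xA5), a handler fills a struct field by field, and a checked stand-in for copy_to_user() counts how many marker bytes are about to reach user space. The struct name user_info, the handler names and the marker value are all constructed for this example; the zeroing in fixed_handler() is the usual remediation pattern, shown beside the leaky one.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical poison byte: the harness instructs the fuzzer never to pass
 * this value in, so any copy of it reaching user space is suspect. */
#define POISON_BYTE 0xA5u

/* Constructed example struct: one byte of flags is followed by compiler
 * padding before the 4-byte uid, so a field-by-field copy leaks that padding. */
struct user_info {
    uint8_t  flags;
    uint32_t uid;
    uint64_t quota;
};

/* Simulated kernel stack frame: the union lets us poison the raw bytes
 * (standing in for STACKLEAK/SANITIZE filling the stack) while still
 * accessing the struct with correct alignment. */
union frame {
    struct user_info info;
    uint8_t raw[sizeof(struct user_info)];
};

/* Stand-in for an instrumented copy_to_user(): performs the copy and
 * returns how many outgoing bytes still carry the poison value. */
static size_t copy_to_user_checked(void *dst, const void *src, size_t n)
{
    const uint8_t *p = src;
    size_t poisoned = 0;
    for (size_t i = 0; i < n; i++)
        if (p[i] == POISON_BYTE)
            poisoned++;
    memcpy(dst, src, n);
    return poisoned;
}

/* Bug pattern: fields are assigned one by one, padding is never written. */
static size_t leaky_handler(struct user_info *user_buf)
{
    union frame f;
    memset(f.raw, POISON_BYTE, sizeof f.raw);   /* stack poisoning on entry */
    f.info.flags = 1;
    f.info.uid   = 1000;
    f.info.quota = 42;
    return copy_to_user_checked(user_buf, &f.info, sizeof f.info);
}

/* Fixed pattern: zero the whole object before filling it, so padding is defined. */
static size_t fixed_handler(struct user_info *user_buf)
{
    union frame f;
    memset(f.raw, POISON_BYTE, sizeof f.raw);   /* same poisoned stack */
    memset(&f.info, 0, sizeof f.info);          /* the fix */
    f.info.flags = 1;
    f.info.uid   = 1000;
    f.info.quota = 42;
    return copy_to_user_checked(user_buf, &f.info, sizeof f.info);
}

/* Number of poison bytes each handler lets through (3 for the leaky one on
 * a typical ABI: the padding between flags and uid; 0 for the fixed one). */
size_t run_leaky(void) { struct user_info out; return leaky_handler(&out); }
size_t run_fixed(void) { struct user_info out; return fixed_handler(&out); }

int main(void)
{
    printf("leaky handler: %zu poisoned byte(s) reached user space\n", run_leaky());
    printf("fixed handler: %zu poisoned byte(s) reached user space\n", run_fixed());
    return 0;
}
```

The check only works because none of the legitimate field values happen to contain the marker byte, which is exactly why the tweet's setup tells the fuzzer never to provide it; a real harness would also want to know which offsets were poisoned, not just the count, to map a hit back to the padding or field that was left uninitialised.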
Replying to @grsecurity @j00ru
I should also mention that @_minipli found and fixed a ton of infoleaks, more than we did (as our focus was more on the plugins for defense, the offensive use was just for info to keep in our back pocket: by definition the plugins would prevent those leaks)
Replying to @grsecurity @_minipli
Good point, Mathias definitely deserves a mention here. I've seen his extensive work on these issues and referenced his results on slide 13 at Infiltrate
Yep I see it there, though it's definitely much higher than the count credited there. A simple grep below (some of these involved multiple fixes, only 2 in this list aren't infoleaks). He was at Infiltrate too BTW in case you were able to talk to him pic.twitter.com/rk16vcrsas
That's a ton of bugs. I'll make sure to use a more accurate number in the upcoming paper to give credit where credit is due.