Just released a new blog post in my exploitation tricks series about research I did to implement a virtual memory access trap on Windows to make exploitation of certainly classes of vulnerabilities deterministic https://googleprojectzero.blogspot.com/2021/01/windows-exploitation-tricks-trapping.html …
-
If you read the Bochspwn paper that talks about probabilistic attacks and can be pretty reliable sometimes up to 100% within a short time window. The whole point of the blog though is to make it deterministic :-)
yarh allright, Ive also been thinking about edge cases to enable that- only thing is: With webdav you can open a file with write, it gets cached- now write what you want, then open again with only read_attributes(without closing original), now close original open.
-
-
the written data is now cached - and file is kept open, without causing locks. Future file open will return what you wrote to the file as long as the handle remains open. This could enable the file to grow, causing additional reading of data if opened.
-
it is also a way for anyone to write a file in system context :)
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.