We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Memory Deduplication: The Curse that Keeps on Giving

1
 Cite
 Share
 Related Material
 Download
 Purchase
Logo of Chaos Computer Club e.V.Chaos Computer Club e.V.
 Gras, Ben Razavi, Kaveh Bosman. Erik (brainsmoke) Barresi, Antonio

Formal Metadata

Title
Memory Deduplication: The Curse that Keeps on Giving
Subtitle
A tale of 3 different memory deduplication based exploitation techniques
Title of Series
Number of Parts
147
Author
License
CC Attribution 4.0 International:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
We are 4 security researchers who have collectively worked on 3 different attack techniques that all (ab)use memory deduplication in one way or another. There is a cross-vm data leak attack, a cross-vm data write attack, and an in-sandbox (MS Edge) Javascript data leak + full memory read/write attack based in MS Edge. In this talk we detail how memory deduplication works and the many different ways it is exploited in our attacks.
Keywords