1. browse
  2. congress
  3. 2016
  4. event
conference logo

Memory Deduplication: The Curse that Keeps on Giving

A tale of 3 different memory deduplication based exploitation techniques

Ben Gras, Kaveh Razavi, brainsmoke and Antonio Barresi

Playlists: '33c3' videos starting here / audio / related events

We are 4 security researchers who have collectively worked on 3 different attack techniques that all (ab)use memory deduplication in one way or another. There is a cross-vm data leak attack, a cross-vm data write attack, and an in-sandbox (MS Edge) Javascript data leak + full memory read/write attack based in MS Edge.

In this talk we detail how memory deduplication works and the many different ways it is exploited in our attacks.

Download

Video

These files contain multiple languages.

This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them.

Please look for "audio tracks" in your desktop video player.

Subtitles

eng
 Help us to improve these subtitles!

Audio

Download mp3
eng 53 MB
Download opus
eng 44 MB

Related

Do as I Say not as I Do: Stealth Modification of Programmable Logic Controllers I/O by Pin Control Attack
Shining some light on the Amazon Dash button
Dissecting HDMI
On Smart Cities, Smart Energy, And Dumb Security
radare demystified
PUFs, protection, privacy, PRNGs
How do we know our PRNGs work properly?
What could possibly go wrong with <insert x86 instruction here>?
Security Nightmares 0x11
Machine Dreams

Embed

Share:

Tags