lecture: I got 99 problems but a kernel pointer ain't one
There's an Info Leak Party In Ring 0
While Windows has become a tighter and tighter ship, with more mitigations added in each release, the local availability of kernel addresses has barely been addressed, except in the context of some ASLR bypasses in Windows 8. This presentation will collect many of the already-known info leaks in a single source, and then present some unknown and novel info leaks in the kernel.
Beyond documented and undocumented APIs that retrieve kernel pointers, we'll also take a look at static addresses, physical address leaks, and architectural leaks (such as TPIDRURO on ARM).
Start time: 10:00