Memory Deduplication: The Curse that Keeps on Giving

Ben Gras, Kaveh Razavi, brainsmoke and Antonio Barresi

We are 4 security researchers who have collectively worked on 3 different attack techniques that all (ab)use memory deduplication in one way or another: a cross-VM data leak attack, a cross-VM data write attack, and an in-sandbox JavaScript data leak plus full memory read/write attack in MS Edge.

In this talk we detail how memory deduplication works and the many different ways it is exploited in our attacks.