Project Description
Dedup Est Machina (published at S&P ’16) is a new cool attack showing how a JavaScript-enabled attacker can abuse memory deduplication and Rowhammer to own a Microsoft Edge browser on Windows 10 with all the defenses up. The end-to-end attack relies on no software vulnerabilities.
Pwnie Award
Dedup Est Machina won the Pwnie Award for Most Innovative Research at Black Hat USA, 2016.
Reception
- Dedup Est Machina hits the news.
- Microsoft addresses Dedup Est Machina on Windows 10 in CVE-2016-3272 by disabling memory deduplication by default.
Demo