Dedup Est Machina

Project Description

Dedup Est Machina (published at S&P ’16) is a new cool attack showing how a JavaScript-enabled attacker can abuse memory deduplication and Rowhammer to own a Microsoft Edge browser on Windows 10 with all the defenses up. The end-to-end attack relies on no software vulnerabilities.

Pwnie Award

Dedup Est Machina won the Pwnie Award for Most Innovative Research at Black Hat USA, 2016.


  • Dedup Est Machina hits the news.
  • Microsoft addresses Dedup Est Machina on Windows 10 in CVE-2016-3272 by disabling memory deduplication by default.



Systems and Network Security Group at VU Amsterdam