Dedup Est Machina

Project Description

Dedup Est Machina (published at S&P ’16) is a new cool attack showing how a JavaScript-enabled attacker can abuse memory deduplication and Rowhammer to own a Microsoft Edge browser on Windows 10 with all the defenses up. The end-to-end attack relies on no software vulnerabilities.

Pwnie Award

Dedup Est Machina won the Pwnie Award for Most Innovative Research at Black Hat USA, 2016.

Reception

  • Dedup Est Machina hits the news.
  • Microsoft addresses Dedup Est Machina on Windows 10 in CVE-2016-3272 by disabling memory deduplication by default.

Demo

 

Papers

Share on Facebook1Tweet about this on TwitterShare on Google+0Email this to someonePrint this page