Cluck Cluck: On Intel's Broken Promises

BSidesLV 2014

Presented by: Jacob Torrey
Date: Tuesday August 05, 2014
Time: 17:00 - 17:50
Location: Breaking Ground

Cluck Cluck presents an architectural, OS-independent method for accessing arbitrary physical memory from kernel shellcode or forensic memory-acquisition tools when the virtual addresses of the paging structures are not known, in effect 'breaking out' of virtual memory. Currently, the virtual address of the page directory is hard-coded in the kernel, but this is specific to each OS and version thereof. Cluck Cluck solves the chicken-and-egg problem (needing access to the page structures to gain access to the page structures) at an OS-independent, architectural level, highlighting how a newer Intel feature violated existing guarantees.

Jacob Torrey

Jacob Torrey is a Sr. Research Engineer at Assured Information Security, Inc., where he leads the Computer Architectures group and acts as the site lead for the Colorado branch. Jacob has worked extensively with low-level x86 and MCU architectures, having written a BIOS, OS, hypervisor and SMM handler. His major interest is how to (mis)use an existing architecture to implement a capability currently beyond the limitations of the architecture.

