Drammer - The Making Of
Offered By: Hack In The Box Security Conference via YouTube
Course Description
Overview
Syllabus
Intro
A Little Background
Rawhammer
Bypass the CPU cache
Select the Aggressor Rows
Rowhammer Exploitation
Hammering a Needle in the Software Stack
A Quick Google Search
Arrival at Santa Barbara
Benchmarking DRAM Bandwidth
Kernel Module
A piece of art: meh.cc
Debug, Hammer, Debug
E-Mail From The Bos
Flipping Bits On The Beach
Downward Spiral
The cacheflush System Call
Pointer Chasing
Flipping Bits By Executing Code
Cache Maintenance Operations
Martina
Memory templating
Scientific Value
Land sensitive data
a. Exhaust Large Chunks
b. Find a Bit Flip
Release Vulnerable Chunk
Exhaust Rows (again)
a. Release Vulnerable Row
b. Release Large Chunks
Allocate Pages until we hit the vulnerable now
Padding
Map a Page Table
Evaluation
Wrapping Up
Disclosure
Drammer
Taught by
Hack In The Box Security Conference
Related Courses
Between Physical and Sofware: Fault Attacks, Side Channels, and MitigationsGraz University of Technology via edX POSWorld - Should You Be Afraid of Hands-On Payment Devices
Black Hat via YouTube The Evolving Attack Surface
Kaspersky via YouTube Blacksmith- Compromising Target Row Refresh by Rowhammering in the Frequency Domain
IEEE via YouTube Are We Susceptible to Rowhammer? An End-to-End Methodology for Cloud Providers
IEEE via YouTube