MoRE Shadow Walker - The Progression of TLB-Splitting on x86
Offered By: Black Hat via YouTube
Course Description
Overview
Explore the evolution of translation lookaside buffer (TLB) splitting for code hiding on x86 architecture in this 44-minute Black Hat conference talk. Gain insights into how Intel's Core i-series processors changed TLB architecture, rendering previous techniques obsolete. Learn about new research methods for TLB-splitting on modern hardware and their applications in both defensive and offensive cybersecurity. Discover how the EPT Shadow Walker rootkit leverages TLB-splitting to present different memory versions to defensive tools and the CPU, effectively concealing malicious code from anti-virus systems. Witness a demonstration of memory manipulation and hiding techniques, and examine the research results presented by Jacob Torrey.
Syllabus
MoRE Shadow Walker: The Progression of TLB-Splitting on x86
Taught by
Black Hat
Related Courses
Information Security- II (Indian Institute of Technology Madras via Swayam)
Assembly Language Adventures (1): Counting with two digits (Udemy)
Assembly (Cybrary)
Advanced Malware Analysis: Redux (Cybrary)
Reverse Engineering for Beginners (begin.re via Independent)