by monocasa
3083 days ago
If you know the specific kernel being used, all you have to figure out is the base address of the kernel to have the whole layout to break KASLR. So if it had been a timing attack where an unmapped memory reference takes longer to fail than a memory reference with the wrong permissions, then you could scan all of the KASLR slots without actually reading back any data. Actually reading data is a waaaaayyy bigger deal.

But, I mean: that's what that dude is doing in that tweet, is all I'm saying. :)