Talos Vulndev

Recommendations

Info

• CR3 physical page swappable? • Quick analysis shows that in Windows 10586 • Only the main PML4 table page is always in memory • Otherwise make use of the PIP packets • The problem of the spawned processes has been resolved using the trace by IP – detect when a new process is spawned and add the new range OR • Use the tracing by CPL and parse the PIP packets
Page 3: • Research Manager • Cisco Talo
Page 8 and 9: • CPUID with leaf 0x7 can detect
Page 10 and 11: EAX = 0x14 - Intel Processor Trace
Page 12 and 13: • Implemented entirely in hardwar
Page 14 and 15: • OS should allocate a contiguous
Page 19 and 20: • We have decided to write a Wind
Page 21: • Processor Trace works with phys
Page 25 and 26: Evolutionary Testing • Early work
Page 27 and 28: Evolutionary Fuzzing • From previ
Page 29 and 30: • Contributions - Tracks edge tra
Page 31 and 32: Windows Evolutionary Fuzzing • St
Page 33 and 34: WinAFL • Ivan Fratric 2016 - Firs
Page 35 and 36: WinAFL IntelPT • Richard Johnson
Page 37 and 38: • Performance - Dummy loop benchm
Page 39: • Performance - Full tracing and
Page 42: Thank you! https://github.com/talos

Talos Vulndev

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?