thesis/meetings.md
2025-03-14 17:00:11 +01:00

# 03-14
Goal: Breaking KASLR through TLB-based side channel attack
Status: Inserting Kernel Module
Progress:
- Wrote a basic kernel module
- Worked on proposal with feedback (improved version on Tuesday)
Stuck on: How to check if loading the module forces 4kB mapping as expected
- Herbert: https://github.com/HyperDbg/HyperDbg/blob/1a5c316ba63dea74d5c672cc6d15b09fece7ccda/hyperdbg/hyperhv/code/memory/MemoryMapper.c#L525
# 03-07
Goal: Breaking KASLR through TLB-based side channel attack
Status: Proposal draft and setting up machine
Progress:
- Messed up the machine configuration a bit and wasted time there (thanks Aleksandar for helping me out)
- Glanced over need for Google kernelCTF kernel
TODO: check if module rwx can be used because that would be much easier and commonly enabled
- Messed up some things in GRUB -> using VM now because that caused long recovery times (had to sync up with Aleksandar)
- Wrote proposal draft
Stuck on: Not really stuck but getting the kernel and options right is taking more time than expected.
# 02-28
Daily supervisor: Dyon
Goal: Breaking KASLR through TLB-based side channel attack
Status: Deciding on which part exactly to choose, hardware access today
Progress:
- Target: i7-8650U Kernel 6.8
- First idea: Try using CONFIG_STRICT_MODULE_RWX (D1)
- but: maybe further input needed here on which one is a desirable target
- strict module rwx => can leak heap (excluding cred and less reliable pipe-buffer) and page tables
- virtual heap => can leak heap (including cred) reliably
TODO: Go with heap => cred one of the most interesting
- virtual stack => can leak kernel stack
- Forgot about research proposal, message Herbert
# 02-21
Daily supervisor: Dyon
Goal: Breaking KASLR through TLB-based side channel attack
Status:
Progress:
- Contacted Aleksandar for VM access
- Learned more about prefetch side channel
TODO: Only read TLB part not cache
# 02-14
Daily supervisor: idk yet? Dyon
Goal: Breaking KASLR through TLB-based side channel attack
Status: Just started middle of this week
Progress:
- Skimmed paper and read some important parts more in depth
- Intel CPU required (?)
TODO: contact for hardware: Marković, A. (Aleksandar) <a.markovic@vu.nl>
TODO: probably VM enough? check that