Bochspwn - Identifying 0-Days via System-Wide Memory Access Pattern Analysis

Explore an innovative approach to discovering kernel vulnerabilities through dynamic CPU-level instrumentation in this Black Hat USA 2013 conference talk. Delve into the "Bochspwn" project, which utilizes memory access patterns to identify potential race conditions in user-mode memory interactions. Learn about various implementation methods and discover how this technique uncovered approximately 50 local elevation of privilege vulnerabilities in the Windows kernel. Gain insights into the evolution of automated vulnerability discovery and its impact on kernel security. Understand the limitations of current kernel code coverage techniques and the importance of addressing kernel-specific bug classes. Witness the open-sourcing of the Bochspwn tool and explore opportunities for further development and testing of this groundbreaking approach to enhancing system security.