Bochspwn Reloaded - Detecting Kernel Memory Disclosure with x86 Emulation and Taint Tracking

Explore kernel memory disclosure detection using x86 emulation and taint tracking in this Black Hat conference talk. Delve into the intricacies of kernel-mode buffer overflows and memory corruption issues, focusing on the subtle flaws in user-mode client interactions. Learn about the Bochspwn Reloaded project, which employs advanced techniques to identify these elusive vulnerabilities. Discover the potential severity and benefits of stack and heap disclosures, and gain insights into the performance considerations of this approach. Examine the Bochs instrumentation support, core logic, and ancillary functionality used in the detection process. Understand the implementation of shadow memory representation, taint propagation, and bug detection mechanisms. Compare memory taint layouts in Windows 7 and Ubuntu 16.04, and explore real-world examples of stack infoleak reproduction and uninitialized memory bugs. Gain valuable knowledge on kernel debugging techniques and future directions for improving kernel security.