Researchers Uncover First Native Spectre v2 Exploit Against Linux Kernel

Cybersecurity researchers have disclosed what they say is the "first native Spectre v2 exploit" against the Linux kernel on Intel systems that could be exploited to read sensitive data from the memory. The exploit, called Native Branch History Injection (BHI), can be used to leak arbitrary kernel memory at 3.5 kB/sec by bypassing existing Spectre v2/BHI mitigations, researchers from Systems and

GhostRace – New Data Leak Vulnerability Affects Modern CPUs

A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution. Dubbed GhostRace (CVE-2024-2193), it is a variation of the transient execution CPU vulnerability known as Spectre v1 (CVE-2017-5753). The approach combines speculative execution and race conditions. "All the common synchronization primitives implemented

SLAM Attack: New Spectre-based Vulnerability Impacts Intel, AMD, and Arm CPUs

Researchers from the Vrije Universiteit Amsterdam have disclosed a new side-channel attack called SLAM that could be exploited to leak sensitive information from kernel memory on current and upcoming CPUs from Intel, AMD, and Arm. The attack is an end-to-end exploit for Spectre based on a new feature in Intel CPUs called Linear Address Masking (LAM) as well as its analogous

iLeakage: New Safari Exploit Impacts Apple iPhones and Macs with A- and M-Series CPUs

A group of academics has devised a novel side-channel attack dubbed iLeakage that exploits a weakness in the A- and M-series CPUs running on Apple iOS, iPadOS, and macOS devices, enabling the extraction of sensitive information from the Safari web browser. "An attacker can induce Safari to render an arbitrary webpage, subsequently recovering sensitive information present within it using

Blackbone - Windows Memory Hacking Library

Windows memory hacking library

Features

• x86 and x64 support

Process interaction

• Manage PEB32/PEB64
• Manage process through WOW64 barrier

Process Memory

• Allocate and free virtual memory
• Change memory protection
• Read/Write virtual memory

Process modules

• Enumerate all (32/64 bit) modules loaded. Enumerate modules using Loader list/Section objects/PE headers methods.
• Get exported function address
• Get the main module
• Unlink module from loader lists
• Inject and eject modules (including pure IL images)
• Inject 64bit modules into WOW64 processes
• Manually map native PE images

Threads

• Enumerate threads
• Create and terminate threads. Support for cross-session thread creation.
• Get thread exit code
• Get main thread
• Manage TEB32/TEB64
• Join threads
• Suspend and resume threads
• Set/Remove hardware breakpoints

Pattern search

• Search for arbitrary pattern in local or remote process

Remote code execution

• Execute functions in remote process
• Assemble own code and execute it remotely
• Support for cdecl/stdcall/thiscall/fastcall conventions
• Support for arguments passed by value, pointer or reference, including structures
• FPU types are supported
• Execute code in new thread or any existing one

Remote hooking

• Hook functions in remote process using int3 or hardware breakpoints
• Hook functions upon return

Manual map features

• x86 and x64 image support
• Mapping into any arbitrary unprotected process
• Section mapping with proper memory protection flags
• Image relocations (only 2 types supported. I haven't seen a single PE image with some other relocation types)
• Imports and Delayed imports are resolved
• Bound import is resolved as a side effect, I think
• Module exports
• Loading of forwarded export images
• Api schema name redirection
• SxS redirection and isolation
• Activation context support
• Dll path resolving similar to native load order
• TLS callbacks. Only for one thread and only with PROCESS_ATTACH/PROCESS_DETACH reasons.
• Static TLS
• Exception handling support (SEH and C++)
• Adding module to some native loader structures(for basic module api support: GetModuleHandle, GetProcAdress, etc.)
• Security cookie initialization
• C++/CLI images are supported
• Image unloading
• Increase reference counter for import libraries in case of manual import mapping
• Cyclic dependencies are handled properly

Driver features

• Allocate/free/protect user memory
• Read/write user and kernel memory
• Disable permanent DEP for WOW64 processes
• Change process protection flag
• Change handle access rights
• Remap process memory
• Hiding allocated user-mode memory
• User-mode dll injection and manual mapping
• Manual mapping of drivers

Requirements

• Visual Studio 2017 15.7 or higher
• Windows SDK 10.0.17134 or higher
• WDK 10.0.17134 or higher (driver only)
• VC++ 2017 Libs for Spectre (x86 and x64)
• Visual C++ ATL (x86/x64) with Spectre Mitigations