Google's Project Zero: where they defeat advanced security measures by doing absolutely 🤷 nothing. Apparently, the best way to crack #KASLR is to sit back and let the linear mapping do it for you. Who knew hacking could be so chill? 🍹🔓
https://googleprojectzero.blogspot.com/2025/11/defeating-kaslr-by-doing-nothing-at-all.html #GoogleProjectZero #HackingChill #CyberSecurity #LinearMapping #HackerNews #ngated
Defeating KASLR by Doing Nothing at All

Posted by Seth Jenkins, Project Zero. Introduction: I've recently been researching Pixel kernel exploitation and as part of this research I ...

🚨 Oh no, #Windows has a #KASLR #bypass bug! 😱 Quick, notify the 0.0001% of people who understand what that means! 🤓 Meanwhile, everyone else will continue watching cat videos, blissfully unaware that their precious NT kernels are being disclosed like celebrity nudes. 💻🔓
https://www.crowdfense.com/nt-os-kernel-information-disclosure-vulnerability-cve-2025-53136/ #bug #cybersecurity #catvideos #NTkernels #HackerNews #ngated
NT OS Kernel Information Disclosure Vulnerability - CVE-2025-53136 - Crowdfense

Bidding farewell to one of the last kernel address leaks, CVE-2025-53136. Even patches can open new doors for exploitation.

Crowdfense

I created a library from prefetch-tool so you can more easily experiment with side-channel #KASLR bypasses on Windows:

https://github.com/v-p-b/prefetch-lib

For dogfooding I exploited HEVD on Windows 11 24H2:

https://github.com/v-p-b/HEVD-prefetch

Bypassing kASLR via Cache Timing

Explores a prefetch side-channel attack to bypass kASLR on Windows 11 by measuring cache access times to locate the kernel base address.

https://r0keb.github.io/posts/Bypassing-kASLR-via-Cache-Timing/

#kASLR #SideChannel

Bypassing kASLR via Cache Timing

Good morning! As we saw in last week’s blog post, the use of NtQuerySystemInformation() to bypass kASLR and the changes introduced in version 24H2 have effectively taken away that convenient method we used to rely on to simplify things.

r0keb

#Exploiting the #NT #Kernel in 24H2: New Bugs in Old Code & Side Channels Against #KASLR

https://exploits.forsale/24h2-nt-exploit/

Exploiting the NT Kernel in 24H2: New Bugs in Old Code & Side Channels Against KASLR

@mdhughes @Reiddragon this is oversimplifying by A LOT. For instance: some desktop things work better on #OpenBSD than #FreeBSD. #NetBSD was the first #BSD to implement #KASLR - before OpenBSD. It's not black and white and hasn't been for years now yet everybody copies the same fake mantras about these 3 BSDs.
Linux Will Stop Randomizing Per-CPU Entry Area When KASLR Is Not Active

A new ETW event, […] that could point at various suspicious behaviors of #KASLR bypasses

#offensivesecurity #redteam #blueteam #windowssecurity #edr

https://windows-internals.com/an-end-to-kaslr-bypasses/

An End to KASLR Bypasses? – Winsider Seminars & Solutions Inc.