On Thu, 12 Jul 2012 18:47:53 +0200, phocean said: > - Volatility: anything has to sit somehow in the memory, so there is no > way for it to escape from the analysis.
There's a number of attacks using the MTRR and IOMMU to cause the CPU to have a different view of memory. It is indeed possible for something to be sitting in memory but not be visible to *you* (while still being visible to something that didn't expect it to be visible, and thus delivering an exploit).
pgpXgQfbr39mY.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
