Exploiting a “Simple” Vulnerability – Part 1.5 – The Info Leak

Introduction

This post is not actually directly related to the first one and does not use CVE-2020-1034. It just talks about a second vulnerability that I found while researching ETW internals, which discloses the approximate location of the NonPaged pool to (almost) any user. It was spurred by a tweet that challenged me to find …