Update index.md
gabe-k authored Apr 26, 2024
1 parent c8354e9 commit d263b50
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions content/24h2-nt-exploit/index.md
@@ -96,12 +96,12 @@ After getting an understanding of EntryBleed on Linux, I started porting the tec

Additionally I discovered a [paper by Daniel Gruss, Clémentine Maurice, and Anders Fogh](https://gruss.cc/files/prefetch.pdf) from 2016 which described exactly the sort of prefetch attack against Windows that I was hoping to achieve. With the help of these resources I started measuring prefetch times on all of the machines I had at my disposal, and put together a (fairly) reliable tool to determine the base address of the Windows kernel.

This tool is very much a proof-of-concept with lots of room for improvement, but I found it to be reliable on modern Intel CPUs. AMD CPUs appear to be less consistent in their behavior when prefetching a mapped address. I was able to get the AMD support reliable for the VM in which I was testing, but had issues when running on other hardware. Any improvements from folks more experienced with side channels would be greatly appreciated! Source code for this tool can be [found on GitHub](https://github.com/exploits-forsale/prefetch-tool).

_The prefetch tool in action!_

![The prefetch tool in action!](image8.png)

Source code for this tool can be [found on GitHub](https://github.com/exploits-forsale/prefetch-tool).

## Exploitation

At this point we have enough to start building an actual exploit. We have bypassed KASLR and located the base address of the kernel in memory, and we have a vulnerability that allows us to write arbitrary data anywhere in the kernel. In prior versions of Windows it was possible to get the kernel address for a specific object by its handle, which could then be the target for corruption. The only kernel address we have now is the base address of the kernel, so we will need to start by corrupting global objects within the kernel.
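Review bot: the sentence "Source code for this tool can be [found on GitHub](https://github.com/exploits-forsale/prefetch-tool)." appears twice in this hunk, once appended to the end of the "This tool is very much a proof-of-concept" paragraph and again as a stand-alone paragraph after the image. With 2 additions and 2 deletions the rendered view does not show which copy is being added and which removed, so confirm that the resulting index.md keeps only one; the copy attached to the paragraph that introduces the tool reads better than the one-line paragraph stranded after the figure, so dropping the latter is the cleaner outcome.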
