Commit 642d94a

headings are harddddddddddd
1 parent eff4a63 commit 642d94a

1 file changed

+1
-1
lines changed

content/24h2-nt-exploit/index.md

Lines changed: 1 addition & 1 deletion
@@ -90,7 +90,7 @@ Since the syscall handler’s memory is present in the user mode page tables, on
9090

9191
This is, as stated above, a very short summary of EntryBleed. For a much more detailed description I highly recommend [reading the original article](https://www.willsroot.io/2022/12/entrybleed.html).
9292

93-
## Prefetch on Windows
93+
### Prefetch on Windows
9494

9595
After getting an understanding of EntryBleed on Linux, I started porting the technique to Windows. I initially assumed that I would have to contend with KVA shadowing (the Windows equivalent of KPTI) but soon realized that KVA shadowing is now disabled on modern Windows 11 machines. This means that since there is no longer any isolation between user and kernel page tables, not only is the memory for the syscall handler present in user mode page tables, but the entire kernel address space is present.
9696
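
Review bot: At line 93, changing `## Prefetch on Windows` to `### Prefetch on Windows` nests the Windows port under whichever heading precedes it, and the context at lines 90-91 shows the preceding text is the EntryBleed-on-Linux summary. The parent heading is not visible in this hunk, so confirm it is a `##` meant to cover both the Linux background and the Windows port; otherwise the level skips, or the Windows material reads as a subsection of the Linux summary. Also check that any later headings in the Windows part are demoted to match. The commit message gives no reason for the change; a subject line naming the section this heading now belongs under would make the history easier to follow.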
