
Abstract

To reduce the memory footprint and to increase the cost-effectiveness of virtual machines (VMs) running on the same host, cloud providers use memory deduplication. Memory deduplication searches for memory pages with the same contents and merges them into one read-only memory page. Writing to such a page is expensive because the memory protection triggers a page fault (the page must be copied before the write completes), and an attacker can use this cost as a side channel to detect whether a page has been shared. Leveraging this memory side channel, we craft an attack that leaks the randomized base addresses of libraries and executables mapped in processes of neighboring VMs, and hence defeats ASLR. Our proof-of-concept exploit, CAIN (Cross-VM ASL INtrospection), defeats ASLR of a 64-bit Windows Server 2012 victim VM running on a default KVM configuration in less than five hours. In this session, we will discuss the underlying concepts of the attack and we will present the CAIN PoC exploit.
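On a Linux/KVM host the deduplication feature the abstract refers to is KSM (Kernel Samepage Merging), controlled through the sysfs files under /sys/kernel/mm/ksm. The following host-side audit script is an added example and is not code from the CAIN talk or its authors; it reads the real KSM control files (`run`, `pages_sharing`) and reports whether cross-tenant page sharing, and therefore the timing side channel described above, is currently possible. The optional directory argument is an assumption of this script, present only so the logic can be exercised against a constructed copy of the sysfs tree.

```shell
#!/bin/sh
# Added example (not part of the CAIN talk or its code): a small host-side
# audit of Linux KSM, the kernel memory deduplication used on KVM hosts.
# It reads the real sysfs interface under /sys/kernel/mm/ksm; the optional
# directory argument exists only so the logic can be exercised against a
# constructed copy of that tree.

# Print "enabled", "disabled", "unknown" or "absent" from the KSM control file.
# Per the kernel's KSM documentation: run=1 means ksmd is merging pages,
# run=0 stops ksmd but KEEPS already-merged pages, run=2 stops and unmerges.
ksm_mode() {
    dir="${1:-/sys/kernel/mm/ksm}"
    [ -r "$dir/run" ] || { echo "absent"; return 0; }
    case "$(cat "$dir/run")" in
        1) echo "enabled" ;;
        0|2) echo "disabled" ;;
        *) echo "unknown" ;;
    esac
}

# Number of pages currently backed by a shared, read-only merged page.
# A non-zero value means deduplicated pages still exist, even when run=0.
ksm_pages_sharing() {
    dir="${1:-/sys/kernel/mm/ksm}"
    if [ -r "$dir/pages_sharing" ]; then
        cat "$dir/pages_sharing"
    else
        echo 0
    fi
}

# Verdict for a host that co-locates mutually untrusted VMs:
#   exposed - ksmd is running, or merged pages remain (the side channel exists)
#   ok      - KSM is off and nothing is merged
#   absent  - KSM interface not present (kernel built without it, or not Linux)
ksm_verdict() {
    dir="${1:-/sys/kernel/mm/ksm}"
    mode=$(ksm_mode "$dir")
    [ "$mode" = "absent" ] && { echo "absent"; return 0; }
    sharing=$(ksm_pages_sharing "$dir")
    if [ "$mode" = "enabled" ] || [ "$sharing" -gt 0 ]; then
        echo "exposed"
    else
        echo "ok"
    fi
}

# Usage: ./ksm_audit.sh [ksm-sysfs-dir]
# Remediation on a real host is "echo 2 > /sys/kernel/mm/ksm/run" (stop ksmd
# and unmerge everything), then leave it off where untrusted tenants share
# the host; note that "echo 0" alone leaves existing merged pages in place.
echo "KSM: $(ksm_mode "$1") pages_sharing=$(ksm_pages_sharing "$1") verdict=$(ksm_verdict "$1")"
```

The verdict deliberately treats `run=0` with a non-zero `pages_sharing` as still exposed: stopping the merge daemon does not split pages that were merged earlier, so a tenant's writes to those pages still fault and still leak the sharing state until the pages are unmerged with `run=2`.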

Papers

Slides