The Hack-A-Sat finals team videos are BACK! 😎 Get to know the teams competing in the #HackASat4 finals next month. First up, 2nd place in quals earlier this year, team mhackeroni! 🇮🇹This Italian team has competed in all 4 Hack-A-Sat competitions & is ready for DEF CON!

No Hat is a 2023 sponsor of mhackeroni, one of the top Italian Ethical Hacking teams! In 10 years, mhackeroni has consistently made it to the podium in major global CTF events, reaching 2nd place in the US Department of Defense Hack-A-Sat final stage and top places in DEF CON

I am happy to announce that Collide+Power, our new and generic software-based power side-channel technique, has been accepted at USENIX Security 2023 #usesec23. collidepower.com

Dropping #Downfall, exploiting speculative forwarding of 'Gather' instruction to steal data from hardware registers. #MeltdownSequel - Practical to exploit (POC/Demo) - Defeat all isolation boundaries (OS, VM, SGX) - Bypass all Meltdown/MDS mitigations. downfall.page

With mhackeroni we won the first CTF pwning a satellite in space 👀 An insanely cool competition organized by Hack-A-Sat at DEF CON, even with cpu side channels in orbit 🤯

reposting now that my twitter cards work! blog post about exploring the local branch predictor on my M2 MBP reflexive.space/apple-m2-bp/

🔺New on the Apple Security Research blog: a brief technical overview of iMessage Contact Key Verification! security.apple.com/blog/imessage-…

If you are interested in uArch Security, we just opened an internship position at Apple! The position is focused on offensive research, and you will be contributing to the security of some of our most advanced CPUs in one of the coolest teams. Apply at: jobs.apple.com/en-us/details/…

Come work with us in beautiful Amsterdam! We have a new faculty position in Security research Vrije Universiteit Amsterdam (inactief). The specific research topic is flexible and synergies with VUSec topics are welcome. Feel free to DM for details. workingat.vu.nl/ad/assistant-p…

Disclosing #SLAM, aka how to combine Spectre and Intel LAM (& co.) to leak kernel memory on future CPUs (demo below). Thousands of exploitable "unmasked" (or pointer chasing) gadgets in the Linux kernel. Joint work by Mathé Hertogh Sander Wiebing Cristiano Giuffrida: vusec.net/projects/slam

New paper with Pietro Borrello Daniele Cono D'Elia Davide Balzarotti Leonardo Querzoni Cristiano Giuffrida! "Predictive Context-sensitive Fuzzing" introduces compile time context sensitivity to fuzzing w/ selective prioritization using dataflow diversity. Will appear at NDSS24, get it at download.vusec.net/papers/pcsfuzz…

Had a blast this past weekend at H2HC talking about the basics of CPU vulns and about my experience analyzing a couple vulns from Tavis Ormandy - you can check my slides at reptar.fun (they are not just about Reptar though!) and PoCs: github.com/google/securit…

Can a malicious cloud provider send bad notifications to break confidential VMs? Disclosing #AhoiAttacks that break confidential computing offered by AMD SEV-SNP and Intel TDX by abusing interrupt delivery. Check our USENIX Security & IEEE S&P papers. ahoi-attacks.github.io/?1337

Want to learn about security artifacts? 🤖🧪🚀 NDSS Symposium seeks enthusiastic Artifact Evaluation committee members (PhD/graduate students, postdocs, industry researchers) to review cutting-edge research materials. Apply by May 31st: tinyurl.com/ndss25aec RTs appreciated 🙏

📢 Calling all Sponsors! Get mhackeroni to the DEF CON 32 CTF finals 🚩🍝 Would you like to be a part of moving the kitchen to Las Vegas this summer & secure a spot for your logo in our highly-demanded t-shirt? Contact us! Your favourite Italian Acheri™️ need your help!

HW defenses against Spectre are tricky: they need to be applied correctly by the SW, and we need to trust that the HW does what its supposed to. Our latest work "Breaking the Barrier" exploits loopholes in both of these issues on Intel and AMD parts. comsec.ethz.ch/breaking-the-b…

Here are the details about the AMD Signature verification vulnerability we worked on, Enjoy! bughunters.google.com/blog/542484235…

V8 Security is hiring in Warsaw! If you want to work on improving our JavaScript and Wasm fuzzers, check out the links below!

Disclosing Branch Predictor Race Conditions (BPRC), a new class of vulnerabilities where asynchronous branch predictor operations violate hardware-enforced privilege and context separation in virtually all recent Intel CPUs. johannes Kav : comsec.ethz.ch/bprc

This is one of the coolest talks I have seen in a while! Incredible research 🔥