I'm thrilled to present our (@____salmon____, Michael Schwarz) work Hammulator, a parameterizable Rowhammer simulator, at #DRAMSec 2023 (June 17). Our simulator supports both syscall and full-system emulation, enabling comprehensive analysis of #Rowhammer attacks and mitigations.

I am happy to announce that Collide+Power, our new and generic software-based power side-channel technique, has been accepted at USENIX Security 2023 #usesec23. collidepower.com

Had the pleasure to present two papers at ESORICS today! The first analyzes the remaining attack surface of Meltdown 3a, the second (presented together with Fabian Thomas) shows that we can use Meltdown-US to leak the cache state of kernel structures on fully patched systems! 1/n

In "Reviving Meltdown 3a", we (Fabian Thomas, @____salmon____, Ruiyi Zhang, Michael Schwarz) analyzed 19 CPUs for the system registers that we can still leak using Meltdown 3a. Find the details and the tool to check your own CPU here: github.com/cispa/regcheck

In "Indirect Meltdown", we (Fabian Thomas, @____salmon____ , Ruiyi Zhang, Michael Schwarz) show that transient-execution attacks can be turned into side-channel attacks (on fully patched machines)! If you want to know more or play around with our PoC: github.com/cispa/indirect…

Finally received my visa today! Unfortunately, I can't book everything in time for #BHUSA, so I'll miss the chance to present. However, you definitely shouldn't miss these two incredible talks: 🗓️ Wednesday | 🕙 10:20 AM 🗓️ Thursday | 🕒 3:20 PM

Join Lorenz (@hetterichlorenz) and me tomorrow at our #BHUSA briefing "Arbitrary Data Manipulation and Leakage with CPU Zero-Day Bugs on RISC-V." We'll unveil a novel architectural CPU bug that breaks all security isolations on affected RISC-V hardware. blackhat.com/us-24/briefing…

With the #GhostWrite CPU vulnerability, all isolation boundaries are broken - sandbox/container/VM can't prevent GhostWrite from writing and reading arbitrary physical memory on affected RISC-V CPUs. Deterministic, fast, and reliable - no side channels. ghostwriteattack.com

Had a nice talk about #GhostWrite today together with @hetterichlorenz at #BHUSA. Our demos included reading arbitrary memory and escalating privileges. Further, we showed how #GhostWrite can interact with physical devices. Stay tuned for the recording. ghostwriteattack.com

The Scaleway EM-RV1 OSes were patched several months ago. The default installation disables problematic instructions, and customers who installed their machines before have been contacted. Reminder: scaleway.com/en/docs/bare-m… I'd like to thank the @CISPA researchers who contacted

Want to learn how to get root on the T-Head C910 #RISCV CPU within seconds? Visit our website ghostwriteattack.com covering the #GhostWrite vulnerability. #BlackHat #BHUSA