How The RIDL CPU Vulnerability Was Found
In this video we explore the basic ideas behind CPU vulnerabilities and have a closer look at RIDL.
This video is sponsored by Intel and their Project Circuit Breaker: https://www.projectcircuitbreaker.com/
How to Benchmark Code Execution Times: https://www.intel.com/content/dam/www/public/us/en/documents/white-papers/ia-32-ia-64-benchmark-code-execution-paper.pdf
Anders Fogh: https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/
Speculose: https://arxiv.org/abs/1801.04084
RIDL Paper: https://mdsattacks.com/files/ridl.pdf
Foreshadow PoC: https://github.com/gregvish/l1tf-poc/blob/master/doit.c
Sebastian Österlund: https://osterlund.xyz/
Chapters:
00:00 - Intro & Motivation
00:57 - Concept #1: CPU Caches
01:57 - Measure Cache Access Time with rdtscp
05:00 - Concept #2: Out-of-order Execution
06:11 - CPU Pipelining
07:13 - Out-of-order Execution Example
09:19 - CPU Caching + Out-of-order Execution = Attack Idea!!
10:33 - Negative Result: Reading Kernel Memory From User Mode
13:45 - Pandora's Box
14:23 - Interview with Sebastian Österlund
17:24 - Accidental RIDL Discovery
19:31 - NULL Pointer Bug
21:50 - Investigating Root Cause
23:28 - Conclusion
24:24 - Outro
Video "How The RIDL CPU Vulnerability Was Found" from the LiveOverflow channel