Leon Trampert

Today we reveal StackWarp: a new CPU vulnerability exploiting a synchronization bug in AMD’s stack engine across Zen 1–5 CPUs. It enables deterministic manipulation of Confidential VM's stack pointer, allowing RCE and privilege escalation via both control- and data-flow hijacking

StackWarp: A new CPU vulnerability affecting AMD SEV-SNP (Zen 1-5). A malicious host can manipulate the stack pointer inside the confidential virtual machine, breaking integrity and confidentiality guarantees. /cc @Rayiizzz stackwarpattack.com

Thrilled to present our (Lukas G., @LTrampert ,Youheng L, @jovanbulck ,@misc0110) newest paper ("SCASE: Automated Secret Recovery via Side-Channel-Assisted Symbolic Execution") at #USENIX Security this week! 1/n

Heading to Black Hat Asia now! @LTrampert and I will give a briefing about deanonymizing users not only on the web but also in their email clients! #BHASIA

Join Lorenz (@hetterichlorenz) and me tomorrow at our #BHUSA briefing "Arbitrary Data Manipulation and Leakage with CPU Zero-Day Bugs on RISC-V." We'll unveil a novel architectural CPU bug that breaks all security isolations on affected RISC-V hardware. #arbitrary-data-manipulation-and-leakage-with-cpu-zero-day-bugs-on-risc-v-38293" target="_blank" rel="nofollow noopener">blackhat.com/us-24/briefing…

#CacheWarp: a new software-based fault attack on AMD EPYC CPUs. It allows attackers to hijack control flow, break into encrypted VMs and perform privilege escalation inside the VM within minutes.

Had the pleasure to present two papers at ESORICS today! The first analyzes the remaining attack surface of Meltdown 3a, the second (presented together with @fth0mas) shows that we can use Meltdown-US to leak the cache state of kernel structures on fully patched systems! 1/n

I'm thrilled to present our (@____salmon____, @misc0110) work Hammulator, a parameterizable Rowhammer simulator, at #DRAMSec 2023 (June 17). Our simulator supports both syscall and full-system emulation, enabling comprehensive analysis of #Rowhammer attacks and mitigations.

Thrilled to announce my first #Blackhat talk! We (@weber_daniel, @misc0110) will present how the power-optimization instructions umonitor/umwait can be abused to mount microarchitectural attacks. #BHMEA22

Super excited for my first #BlackHat talk at #BHMEA22! Join me tomorrow at 17:45 where I showcase our (@misc0110 & @chrossow) work on how information about the CPU can be leaked from the browser. Such information can be used to assist mounting microarchitectural exploits.

Really excited for our (@misc0110, @mlqxyz) Black Hat MEA presentation about fuzzing modern CPUs to find microarchitectural attacks. #BHMEA22