Roland Czerny

Announcing #CounterSEVeillance, a novel attack on AMD SEV-SNP inferring control-flow information and operand properties from performance-counter data with single-instruction resolution. Thanks to @hweissi, Robin Leander Schröder and @lavados for the amazing collaboration!

@redrabbyte just received the Best Paper Award @ASIACCS2024 🎉Congrats to everyone that worked on the paper!!

🚨‼️ New security loophole allows spying on internet users visiting websites and watching videos ‼️🚨 The security loophole known as "SnailLoad" allows bypassing firewalls, VPN connections and browser privacy modes. No malicious code is required to exploit this vulnerability and the data traffic does not need to be intercepted. All types of end devices and internet connections are affected simply by monitoring fluctuations in the speed of the internet connection. ➡️ tugraz.at/en/tu-graz/ser… ⬅️ The research team led by Stefan Gast and Daniel Gruss will present the scientific paper on the loophole at the conferences Black Hat USA 2024 and USENIX Security Symposium. #SnailLoad Image: The team from the Institute of Applied Information Processing and Communications at TU Graz that discovered and analysed the security loophole (from left): Fabian Rauscher (@v4m1n), Jonas Juffinger, Stefan Gast (@notbobbytables), Simone Franza (@silent_bits), Daniel Gruss (@lavados), Roland Czerny (@_rolicz); IAIK - TU Graz

Announcing #SnailLoad, a website- and video-fingerprinting attack via TCP connections, without any attacker code on the victim machine: snailload.com Great collaboration with @_rolicz, @notimaginary, @v4m1n, @silent_bits and @lavados (1/3)

Sicherheitsleck in Browserschnittstelle für Grafikkarten aufgedeckt science.apa.at/power-search/7… @tugraz @redrabbyte @_rolicz

Our new paper "Generic and Automated Drive-by GPU Cache Attacks from the Browser" has been accepted at @ASIACCS2024! 🎉 We show basic cache attack primitives on NVIDIA&AMD, and more complex attacks on NVIDIA. You can read it and try a tiny POC here ginerlukas.com/gpuattacks/.

Honored to receive best paper award for our CustomProcessingUnit paper at WOOT! Check out our static and dynamic analysis frameworks for Intel microcode 😃 Shout out to @borrello_pietro (1st author and newly minted Dr 🎓), @marv0x90, @_rolicz, @misc0110 for this awesome collab

I'm super happy to share that our work "CustomProcessingUnit: Reverse Engineering and Customization of Intel Microcode" has been accepted at #WOOT23! 🎉 We extend our #BHUSA work to show how microcode tracing and patching can be useful to improve CPU performance and security 👀

Verifying myself: I am rcze on Keybase.io. bPXsLAWrwRcyPa83Cinfcb7BuRMYl6dUDBpc / keybase.io/rcze/sigs/bPXs…

You may have heard about @Intel's horrific #Meltdown bug. But have you watched it in action? When your computer asks you to apply updates this month, don't click "not now." (via spectreattack.com & @misc0110)