Daniel Weber

More Info + Exploits: stackwarpattack.com AMD's Fix: amd.com/en/resources/p…

We're [1] disclosing StackWarp, a CPU vulnerability allowing complete AMD SEV VM takeovers! The project was lead by @Rayiizzz, who is also on the academic job market, so hit him up if u want research like this on your campus! [1] @Rayiizzz, T. Hornetz, me, @fth0mas, @misc0110

For more details on the discovery process and our findings, we refer to our research paper, which is published at USENIX Security 2026. paper: stackwarpattack.com github: github.com/cispa/StackWarp \cc Tristan Hornetz, @weber_daniel, @fth0mas, @misc0110

Today we reveal StackWarp: a new CPU vulnerability exploiting a synchronization bug in AMD’s stack engine across Zen 1–5 CPUs. It enables deterministic manipulation of Confidential VM's stack pointer, allowing RCE and privilege escalation via both control- and data-flow hijacking

@LTrampert @jovanbulck @misc0110 Using Athena, you can create PoC attacks without needing to care about your target's implementation or memory layout! Paper: d-we.me/papers/scase_u… Code: github.com/cispa/scase PS: I'm available for hire soon, so ping me if you're at USENIX and know exciting opportunities!

Thrilled to present our (Lukas G., @LTrampert ,Youheng L, @jovanbulck ,@misc0110) newest paper ("SCASE: Automated Secret Recovery via Side-Channel-Assisted Symbolic Execution") at #USENIX Security this week! 1/n

@LTrampert @jovanbulck @misc0110 Automation is the key to further bridge the gap between academic research and practical side-channel attacks! Thus, we automate side-channel attacks by leveraging a symbolic execution engine.

@LTrampert @BlackHatEvents for more info: s.roots.ec/spy-sheets

@LTrampert and I just gave a talk at Black Hat Asia showing how CSS can be abused to deanonymize you when opening an email! cc: @BlackHatEvents #BHASIA25

Heading to Black Hat Asia now! @LTrampert and I will give a briefing about deanonymizing users not only on the web but also in their email clients! #BHASIA

Here comes another fantastic talk—get ready! "Beauty at a Cost: Privacy Implications of CSS on the Web and in Emails.“ by @LTrampert and @weber_daniel. 🌐 #RuhrSec Website ruhrsec.de/2025/ 📖 RuhrSec Program #program" target="_blank" rel="nofollow noopener">ruhrsec.de/2025/index.htm… #itsecurity #itsicherheit

github.com/google/securit… Our newest research project is finally public! We can load malicious microcode on Zen1-Zen4 CPUs!

@____salmon____ @jan__reineke @misc0110 @CISPA In "No Leakage Without State Change", we propose to shift away from monitoring entire systems for malicious processes towards enabling high-profile processes to monitor their own behavior to detect the influences of microarchitectural attacks. Details: misc0110.net/files/irqguard…

Super excited to present our (L. Niemann, @____salmon____, @jan__reineke, @misc0110) newest paper at #ACSAC2024! We show how modern CPU hardware can be leveraged to stop side-channel attacks almost instantly (~200 CPU cycles)! Code/Paper: github.com/cispa/IRQGuard

The first #ACSAC2024 #PaperPreview today is by Weber et al., who show that HW features can be used to stop #SideChannel #attacks almost immediately by monitoring the victim: openconf.org/acsac2024/modu… #cybersecurity @weber_daniel @____salmon____ @jan__reineke @misc0110 @cispa

Excited to announce the release of the Rapid Data Analysis (RDA) framework! RDA streamlines side-channel analysis with plotting, processing, and analysis tools—usable directly from the terminal or in scripts. Check it out: github.com/0xhilbert/rda #SideChannel

Congrats! It was a pleasure working with you!

The *coolest* saarsec summer party ever!

The @Scaleway EM-RV1 OSes were patched several months ago. The default installation disables problematic instructions, and customers who installed their machines before have been contacted. Reminder: #update-the-kernel" target="_blank" rel="nofollow noopener">scaleway.com/en/docs/bare-m… I'd like to thank the @CISPA researchers who contacted us in advance to help manage the problem before making it public. It's sad that such a flaw exists on the TH1520's C910, but fortunately it stems from an error on a draft instruction set that can be software disabled. On the other hand, one of the advantages of open processors is that it allows external entities to look at the sources and see what has been done beyond the usual techniques. #ghostwrite #riscv #rvv #cybersecurity #security #cloud #baremetal