ZombieLoad is a novel category of side-channel attacks which we refer to as **data-sampling attack**. It demonstrates that faulting load instructions can transiently expose private values of one Hyperthread sibling to the other. This new exploit is the result of a collaboration between Michael Schwarz, Daniel Gruss and Moritz Lipp from Graz University of Technology, Thomas Prescher and Julian Stecklina from Cyberus Technology, Jo Van Bulck from KU Leuven, and Daniel Moghimi from Worcester Polytechnic Institute. In this article, we summarize the implications and shed light on the different attack scenarios across CPU privilege rings, OS processes, virtual machines, and SGX enclaves, and give advice over possible ways to mitigate such attacks.
After Meltdown and Spectre, more vulnerabilities in out-of-order CPUs have been uncovered that use similar side channels. This article is about the L1 Terminal Fault vulnerability, a meltdown-style attack that is also effective against up-to-date system software incorporating KPTI-like patches.
After Meltdown and Spectre, which were publicly disclosed in January, the Spectre V3a and V4 vulnerabilities followed in May. According to the German IT news publisher Heise, the latter might be part of eight new vulnerabilities in total that are going to be disclosed in the course of the year.
After Meltdown and Spectre, more vulnerabilities in out-of-order CPUs have been uncovered that use similar attack vectors. This article is about the new variant 4 of the Spectre attack that works without misleading the branch predictor. Instead, it exploits an implementation detail of Intel's memory disambiguation technique inside the CPU's pipeline.
As an important step towards automating the creation of Windows disk assets/images, we will take a closer look at the Critical Device Database (CDDB) inside the Windows registry. The goal is to transform any locally installed instance to be bootable from iSCSI without having to run a full installation onto an iSCSI disk before.
In this article, we will describe how an ordinary Windows 7 installation can be converted to be booted from iSCSI. We will cover the particularities of the Windows network boot process and and elaborate on the differences to the normal boot. We then describe our solution using some registry modifications.