Supporting code for "You Cannot Always Win the Race: Analyzing mitigations for branch target prediction attacks" paper

Proof of concepts for speculative attacks using the BOOM core (https://github.com/riscv-boom/riscv-boom)

This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC, MIPS, RISC-V 64, a…

A small library to modify all page-table levels of all processes from user space for x86_64 and ARMv8.

AMD Research Instruction Based Sampling Toolkit

Stupid memory latency and TLB tester

PoC for breaking hypervisor ASLR using branch target buffer collisions

Artifact of "Speculation at Fault: Modeling and Testing Microarchitectural Leakage of CPU Exceptions"

Rain: Transiently Leaking Data from Public Clouds Using Old Vulnerabilities

Kernel Address Space Layout Derandomization (KASLD) - A collection of various techniques to infer the Linux kernel base virtual address as an unprivileged local user, for the purpose of bypassing K…

Arbitrary Speculative Code Execution with Return Instructions

Artifacts for the stackengine paper

Artefacts for: "VMScape: Exposing and Exploiting Incomplete Branch Predictor Isolation in Cloud Environments"

Training in Transient Execution and PhantomCALL, from Inception (SEC'23) Artifacts.

InSpectre Gadget: in-depth inspection and exploitability analysis of Spectre disclosure gadgets

Platypus Educational Samples

Nemesis: Studying microarchitectural timing leaks in rudimentary CPU interrupt logic

This repository contains the sources and documentation for the LVI-LFB Control Flow Hijacking attack PoC (CVE-2020-0551)

The open-source component of Prime+Scope, published at CCS 2021

GNU toolchain for RISC-V, including GCC

Spike, a RISC-V ISA Simulator

A libgloss replacement for RISC-V that supports HTIF

Gem5 implementation of "InvisiSpec", a defense mechanism of speculative execution attacks on cache hierarchy.

RISC-V Assembly Programmer's Manual