Lists (4)
Stars
A flush-reload side channel attack implementation
This repository contains several tools to perform Prefetch Side-Channel Attacks
Student Starter Code for Secure Hardware Design at MIT
(2025)F450+树莓派5(Ubuntu24.04)+Dronekit+Aruco二维码降落教程
Supporting code for "You Cannot Always Win the Race: Analyzing mitigations for branch target prediction attacks" paper
Proof of concepts for speculative attacks using the BOOM core (https://github.com/riscv-boom/riscv-boom)
This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC, MIPS, RISC-V 64, a…
A small library to modify all page-table levels of all processes from user space for x86_64 and ARMv8.
AMD Research Instruction Based Sampling Toolkit
PoC for breaking hypervisor ASLR using branch target buffer collisions
Artifact of "Speculation at Fault: Modeling and Testing Microarchitectural Leakage of CPU Exceptions"
Rain: Transiently Leaking Data from Public Clouds Using Old Vulnerabilities
Kernel Address Space Layout Derandomization (KASLD) - A collection of various techniques to infer the Linux kernel base virtual address as an unprivileged local user, for the purpose of bypassing K…
Arbitrary Speculative Code Execution with Return Instructions
Artefacts for: "VMScape: Exposing and Exploiting Incomplete Branch Predictor Isolation in Cloud Environments"
Training in Transient Execution and PhantomCALL, from Inception (SEC'23) Artifacts.
InSpectre Gadget: in-depth inspection and exploitability analysis of Spectre disclosure gadgets
Nemesis: Studying microarchitectural timing leaks in rudimentary CPU interrupt logic
This repository contains the sources and documentation for the LVI-LFB Control Flow Hijacking attack PoC (CVE-2020-0551)
The open-source component of Prime+Scope, published at CCS 2021