A Dirty Little History - Bypassing Spectre Hardware Defenses to Leak Kernel Data

Offered By: Black Hat via YouTube

Course Description

Overview

Explore a 33-minute Black Hat conference talk that delves into the evolution of Spectre attacks and their ability to bypass hardware defenses. Learn about Branch Target Injection (BTI) and how it exploits misprediction of indirect branches to make the CPU speculatively execute attacker-chosen instructions. Discover the researchers' findings on bypassing Spectre mitigations in modern CPUs, including their reverse engineering efforts and the discovery of a new Spectre variant. Gain insights into the practical implications through a live demonstration and understand the vendor responses to these vulnerabilities. Suitable for cybersecurity professionals and those interested in advanced hardware security topics.

Syllabus

Introduction
Project Overview
Spectre
Indirect Branch
Branch History Injection
Reverse Engineering
Recap
Cisco Table Handler
Finding a Spectre Gadget
Spectre Variant 2
Live Demo
Vendor Response
Conclusion


Taught by

Black Hat
