Bypassing KPTI Using the Speculative Behavior of the SWAPGS Instruction
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a conference talk from Black Hat that presents a new side-channel attack based on the speculative execution of the SWAPGS instruction inside the OS kernel. Learn how this attack can bypass existing protective measures, including CPU microcode patches and kernel address space isolation (KPTI). The talk covers the background on side-channel attacks and segmentation, the research question that led to this discovery, the brute-force attack method employed, and the special considerations involved in the exploit. Security researchers Andrei Lutas and Dan Lutas present their findings on circumventing KPTI using the speculative behavior of the SWAPGS instruction in this 49-minute presentation.
Syllabus
Introduction
Side-Channel Attacks
Segmentation
Research Question
Brute Force Attack
Special Considerations
Taught by
Black Hat
Related Courses
Ret2spec - Speculative Execution Using Return Stack Buffers (Association for Computing Machinery (ACM) via YouTube)
Mill vs. Spectre - Performance and Security (Strange Loop Conference via YouTube)
Spectre Attacks Exploiting Speculative Execution (IEEE via YouTube)
High-Assurance Cryptography in the Spectre Era (IEEE via YouTube)
Mitigating Spectre Attacks Using CFI Informed Speculation (IEEE via YouTube)