A Dirty Little History

Explore the evolution of Spectre vulnerabilities and their mitigations in this 50-minute conference talk from Recon 2022. Delve into the history of Spectre-v2, its initial software mitigations, and the subsequent hardware defenses implemented by Intel and Arm. Learn about the newly discovered "Branch History Injection" (BHI) attack primitive that bypasses these hardware mitigations. Gain insights into the black-box reverse engineering approach used to understand complex CPU defenses. Witness an end-to-end exploit demonstration leaking kernel memory on fully patched Intel 11th gen CPUs. Conclude with an overview of the latest Spectre defenses deployed after the BHI disclosure, highlighting the ongoing interplay between software and hardware mitigations in cybersecurity.

Recon 2022 - A Dirty Little History