cpu
Hardware Cryptographic Accelerators to Enhance Security Without Slowing Down
Krupa Patil | | cpu, Cryptographic Accelerators, cryptography, CRYSTALS-Kyber, PCI DSS, PKI hierarchy, PQC algorithms, PQC readiness, PQC-ready certificates and keys, PSD2
From smartphones to smart homes and even industrial applications, embedded systems are everywhere. But as these systems become more prevalent in our daily lives, the risks of cyber threats grow just as ...
Hardware Level Vulnerabilities, Revisited
In August of last year, I examined several CPU bugs that posed serious security threats. The mitigations for these vulnerabilities generally involved either incorporating additional instructions or opting for alternative CPU instructions ...
Breaking Bitlocker
Rick | | BitLocker, cpu, Crypto, drive encryption, encryption, Microsoft, Mobile Security, security, Windows
It was only a matter of time before someone did this. Bitlocker is Microsoft’s technique for encrypting a desktop, laptop, or other MS Windows device. We encrypt the device to protect the ...
HALT! I am Reptar! Intel CPU Bug Panics Cloud Providers
Richi Jennings | | Cloud, Cloud IaaS, cpu, CPU attack, CPU flaw, CPU microcode, cpu vulnerability, Denial of Service, denial-of-service attack, DoS, IaaS, IaaS Security, Infrastructure as a Service (IaaS), Intel, Intel CPU, INTEL-SA-00950, Microcode Flaws, Redundant Prefix Issue, Reptar, SB Blogwatch, x86, x86_64
IaaS Catch Fire: Google and Intel fuzz, find and fix a fabulous bug. Next up: More of the same ...
Security Boulevard
Linux X86 Assembly – How To Test Custom Shellcode Using a C Payload Tester
Travis Phillips | | ALSR, analysis, Application Security, architecture, ASM, cpu, debugging, DEP, function, gas, getpagesize, Hello World, Linux, mprotect, payload, Penetration Testing, pointers, Professionally Evil, programming, Reverse Engineering, Secure Ideas, shellcode, stub, syscalls, testing, training, x86
Overview In the last blog post in this series, we created a tool to make it easy to build our custom payloads and extract them. However, what if we want to test ...
Linux X86 Assembly – How to Make Our Hello World Usable as an Exploit Payload
Travis Phillips | | analysis, Application Security, architecture, ASM, call, cpu, exit, gas, Hello World, int, jmp, Linux, mov, objdump, optimize, payload, Penetration Testing, PoP, Professionally Evil, programming, push, Registers, Reverse Engineering, Secure Ideas, shellcode, syscalls, training, write, x86, xchg, xor
Overview In the last two tutorials, we built a Hello World program in NASM and GAS for x86 assembly. While this can help us learn x86 assembly, it isn’t viable as a ...
Linux X86 Assembly – How to Build a Hello World Program in NASM
Travis Phillips | | analysis, Application Security, architecture, ASM, C++, cpu, exit, Hello World, int, Linux, mov, NASM, payload, Penetration Testing, Professionally Evil, programming, Registers, Reverse Engineering, Secure Ideas, shellcode, syscalls, write, x86
Overview A processor understands bytecode instructions specific to that architecture. We as humans use mnemonics to make building these instructions easier than remembering a bunch of binary codes. These mnemonics are known ...
A Hacker’s Tour of the X86 CPU Architecture
Travis Phillips | | analysis, Apple, architecture, ARM, cpu, eflags, Endian, M1, payload, Penetration Testing, Professionally Evil, Registers, Reverse Engineering, Reviews, Secure Ideas, segments, shellcode, x86
Overview The Intel x86 CPU architecture is one of the most prolific CPU architectures for desktops, laptops, and servers. While other architectures exist and are even taking some market share with mobile ...
BlindSide: Intel/AMD Speculation Bugs Under Microscope Again
Researchers have published frightening details on what they’re calling BlindSide, which relies on co-opting our old friend speculative execution ...
Security Boulevard
Bypassing KPTI Using the Speculative Behavior of the SWAPGS Instruction
Bitdefender senior researchers Dan Horea Luțaș and Andrei Vlad Luțaș recently uncovered a new speculative-execution vulnerability and demonstrated how it can be exploited via a side-channel style attack, dubbed SWAPGS Attack. The ...
