Herzlichen Glückwunsch an Benedict Schlüter! 🎉 Der 21-jährige Student von der Ruhr-Universität Bochum hat den eurobits Excellence Award 2021 gewonnen. Mit seiner Bachelor-Arbeit aus dem Bereich IT-Sicherheit überzeugte er im Finale die Jury. Relive 👉 youtu.be/YN-mSaK7Vf4 Horst Goertz Institute for IT Security

🐝 eCHO News Episode 35 🐝 Cilium Identity and Mutual Auth Content from: Olivier Bonaventure Joseph Ligier @UltTransformer Anna Kapuścińska 🇺🇦 Kai @[email protected] saifeddine rajhi 🐝🐳 Nico Vibert Emin Aktaş Benedict Schlueter Moritz Eckert Bill Mulligan 🐝🐝🐝 Davanum Srinivas Dan 🐝 isogo.to/echo-news-35

How do synchronization primitives work during speculative execution? THEY DON'T! Disclosing #GhostRace (paper USENIX Security). We turn all arch. race-free critical regions of OS/Hypervisors into Speculative Race Conditions. Joint work VUSec IBM Research: vusec.net/projects/ghost…

Can a malicious cloud provider send bad notifications to break confidential VMs? Disclosing #AhoiAttacks that break confidential computing offered by AMD SEV-SNP and Intel TDX by abusing interrupt delivery. Check our USENIX Security & IEEE S&P papers. ahoi-attacks.github.io/?1337

After more than 6 months of hard work, we are thrilled to disclose #AhoiAttacks that break confidential computing offered by AMD SEV-SNP and Intel TDX with malicious interrupts. ahoi-attacks.github.io

Branch History Injection (BHI) is back! Disclosing Native BHI, bypassing deployed Spectre-v2/BHI mitigations (e.g., eBPF=off) to leak arbitrary kernel/host memory (e.g., root password hash below). Joint work by Sander Wiebing alvise Herbert Bos Cristiano Giuffrida: vusec.net/projects/nativ…

I'm speechless

WeSee: Using Malicious #VC Interrupts to Break AMD SEV-SNP got the Distinguished Paper award at IEEE #SP24! Blog & artifacts: ahoi-attacks.github.io/wesee/ Our talk is on May 22, Wed in Track 2, Ballroom 5 @ 1:25 PM #ahoi Congrats Benedict Schlueter Supraja Andrin Bertschi

Announcing #CounterSEVeillance, a novel attack on AMD SEV-SNP inferring control-flow information and operand properties from performance-counter data with single-instruction resolution. Thanks to Hannes Weissteiner, Robin Leander Schröder and Daniel Gruss for the amazing collaboration!

🔓 Heracles ACM CCS 2025'25: Breaking AMD’s Confidential Computing! We show that the hypervisor can read and move hardware-encrypted memory on AMD SEV-SNP. We build a chosen-plaintext oracle to leak kernel memory, auth keys, and cookies from "confidential" VMs heracles-attack.github.io

🚨Breaking AMD’s Confidential Computing (again!) — Meet RMPocalypse 🚨 Thrilled to share our 2nd paper at ACM CCS 2025 🎉 We break AMD SEV-SNP’s guarantees—with just one write! Forge attestation & enable debug, with 100% success 👥Work with Benedict Schlueter 📄rmpocalypse.github.io