I am at ACM CCS 2025 , where alvise is about to present "Canflict: Exploiting Peripheral Conflicts for Data-Link Layer Attacks on Automotive Networks". Thanks to all coauthors: alvise, Stefano Longari, Michele Carminati, Stefano Zanero Full paper: dl.acm.org/doi/pdf/10.114…

A wild ⁦alvise⁩ delivering a great talk at ⁦ACM CCS 2025⁩

Great talk by Floris Gorter about his project DangZero at ACM CCS 2025! Featuring also a nice little meme about Greg K-H approving the work :) gg

What a blast! Thanks to all my incredible co-authors Stefano Longari JinBlack (Mario Polino) Michele Carminati Stefano Zanero

Easily the highest impact bug I found (yet)

Disclosing CHOP, aka how attackers can bypass commodity return address protections such as stack cookies by hijacking the exception handling process. Paper to appear NDSS Symposium: download.vusec.net/papers/chop_nd…. Joint work by Duta Victor Fabian Freyer Fabio Pagani nSinus-R (@[email protected]) Cristiano Giuffrida

The Linux kernel, this is really cute!

Should we lose hope already on Rowhammer attacks? Andrea Di Dio from Vrije Universiteit Amsterdam is showing us at #NDSS23 that it is feasible to devise a software-based design to mitigate ECC-aware Rowhammer attacks.

Debug Location coverage for the variables in the optimized binaries compiled with the newest release of LLVM look nice. A bit longer post is at djolertrk.github.io/2023/05/14/Deb…. We started from 45%, and now we are at 71%, nice! llvm.org

I am extremely happy about this paper, which is the brainchild of my PhD student Law and my colleague JinBlack (Mario Polino). BINO addresses the irksome problem of identifying inlined functions (specifically from C++ template classes) in binaries. authors.elsevier.com/c/1hD5Kc43v0Znn

I'm thrilled to announce that our paper "Speculation@Fault" USENIX Security is online! Read about how we automatically find information leakages arising from CPU exceptions by fuzzing against speculative contracts.

That’s also a way to mention the OSI layers Herbert Bos🤣 #nohat2023

Disclosing #SLAM, aka how to combine Spectre and Intel LAM (& co.) to leak kernel memory on future CPUs (demo below). Thousands of exploitable "unmasked" (or pointer chasing) gadgets in the Linux kernel. Joint work by Mathé Hertogh Sander Wiebing Cristiano Giuffrida: vusec.net/projects/slam

We ended up on HN and some interesting discussions emerged: news.ycombinator.com/item?id=389752…

If you ever happen to look for Spectre gadgets manually and feel pain and loneliness, you should check github.com/vusec/inspectr… ... It's been a wild ride, but working with Sander Wiebing was the best thing ever :) Also, BHI is back baby

😎 We’re going to REcon 2024! 😎 This will be the first talk in which we introduce the decompiler since the open source release. It will be very much an hands on talk. Don’t miss it. See you in June in Montreal! ⚜️🌹☘️ cfp.recon.cx/recon2024/talk…

Just a few days left to apply to our PhD and PostDoc positions available at VUSec. If you love low-level systems hacking and would you like to work at a top systems security research group in Amsterdam, consider applying: workingat.vu.nl/vacancies/phd-…

The Spectre exploit chef Sander Wiebing just gave an impeccable talk at USENIX Security about our work on Spectre gadgets analysis and native BHI exploitation. Very happy - and proud of the Distinguished Paper award too :)

Remote code execution on a Yamaha piano. psi3.ru/blog/swl01u/