The code for the SGX-ROP paper
demo: add missing config xml (Feb 13, 2019)
egghunter: add PoC (Feb 12, 2019)
tap_claw: add PoC (Feb 12, 2019)

SGX-ROP: Practical Enclave Malware with Intel SGX

This repository contains the implementations from the paper "Practical Enclave Malware with Intel SGX". It consists of three parts: tap_claw, demo, and egghunter.


TAP + CLAW

Contains the Intel TSX-based primitives to check whether a page is mapped and writable without using syscalls.


Demo

Uses TAP + CLAW inside a (malicious) SGX enclave to break ASLR of the host application, create a ROP payload and mount a simple PoC attack (i.e., create a file in the current directory).

Egg Hunter

Shows how to use TAP as an egg hunter for classical exploits.


License

All code is licensed under the MIT license.
