2019 Toorcon

Writing PoCs for processor software side-channels

Talk will briefly explain previously related work of L1TF vulnerability and how writing proof-of-concepts is actually the least fun part of processor software side-channels. Techniques and methodologies will be shared that led to discovery of MDS (Microarchitectural Data Sampling) vulnerabilities CVE-2018-12130, CVE-2019-11091. What one should pay attention to and how understanding of results and its validation is the most important factor.

Original Link: https://talks.toorcon.net/toorcon21/talk/KE9SYU/

Slides: https://github.com/hwroot/Presentations/blob/master/Writing%20PoCs%20for%20processor%20software%20side-channels.pdf

2018 REcon

Mess with the best, die like the rest (mode)

This presentation will talk about how custom Southbridge silicon, responsibe for background downloads while main SoC is off, didn’t help to secure Playstation 4. It will explain how a chain of exploits combined with hardware attacks will allow code to run in the context of the secure bootloader, extract private keys, and sign a custom kernel.

Original Link: https://recon.cx/2018/brussels/talks/die_mode.html

Slides: https://github.com/hwroot/Presentations/blob/master/Mess%20with%20the%20best%20die%20like%20the%20rest%20mode%20by%20Volodymyr%20Pikhur%20-%20REcon%20Brussels%202018.pdf