Talk will briefly explain previously related work of L1TF vulnerability and how writing proof-of-concepts is actually the least fun part of processor software side-channels. Techniques and methodologies will be shared that led to discovery of MDS (Microarchitectural Data Sampling) vulnerabilities CVE-2018-12130, CVE-2019-11091. What one should pay attention to and how understanding of results and its validation is the most important factor.
Original Link: https://talks.toorcon.net/toorcon21/talk/KE9SYU/
This presentation will talk about how custom Southbridge silicon, responsibe for background downloads while main SoC is off, didn’t help to secure Playstation 4. It will explain how a chain of exploits combined with hardware attacks will allow code to run in the context of the secure bootloader, extract private keys, and sign a custom kernel.
Original Link: https://recon.cx/2018/brussels/talks/die_mode.html