Today was my last day going to the office at Intel (I will still be available for my team til the end of the month). Soon I will talk about the next steps! Sad to leave the amazing behind, but excited with the new challenges ahead.
Rodrigo Branco
@bsdaemon
Just an opinionated security researcher. Opinions are my own
H2HC (Hackers 2 Hackers Conference)
Rodrigo Branco’s Tweets
Today was my last day. Spent the entire day meeting folks and mostly saying goodbyes (I gave notice a while ago so everything project-related was already properly transferred). While it was an overall sad day, I am super thrilled that I'm starting Monday at Google!
So, after a lot of problems, delays and overall expectation, I've got my green card today! (this time, the actual card is really in my hands, not just approved - for those who do not know: after it got approved, it took many months full of problems to finally receive it).
I've just completed 2 weeks at Amazon. The culture is impressive. People are great and the speed is amazing. I am really proud and glad to be a part of it #bepeculiar
Quote Tweet
"Amazon is the best place in the world to fail!"
#bepeculiar twitter.com/samuelkarp/sta…
My first public write-up at Google: github.com/google/securit - Very small, nothing big/special, thanks to
It is with mixed feelings that I say that this coming week will be my last one with AWS (after a bit longer than 2 years). I've made real friends, worked on amazing challenges and with outstanding engineers. I start the next week on my new journey!
We (AWS) are looking for folks interested in low-level software devel positions. Specifically in enabling security features at platform-level (experience with BIOS, TPM, secureboot and related tech is a plus). C/C++/Asm (x86 and/or arm) is a must. Reach out in priv8 to discuss
The slides for my keynote at Hardwear.io are available (as all others) - it has a few less known stories on uarch/HW security: bit.ly/HardwearKeynot
I've created a git repo with the history of PaX and Grsecurity Public Patches (including Documentation and Scripts):
I'm a Latino immigrant in the US. I was welcomed and made real friends. I did face discrimination on a few occasions and it is incredible how awful it feels (even though I'm very privileged). I stand with *ALL* minorities because the difference makes the whole stronger, not weaker.
With great regret, we have made the difficult decision to cancel H2HC again due to Covid. Read the full letter at h2hc.com.br/covid. It will be back in October 2022 in Sao Paulo #H2HC2022
Article "Security Issues and Challenges for Virtualization Technologies" (ACM Surveys). Recommended for anyone interested in the topic to better understand the technologies, bug classes and mitigations (lots of additional references). Link: link.growkudos.com/1c3buf7d5hc
Team members that deserve credit as well (in no special order): Ke Sun (), , Gabriel Barbosa () and Henrique Kawakami ()
Quote Tweet
Great to see @bsdaemon's offensive security research team at Intel getting some well-deserved attention :) wired.com/story/intel-me
Writing exploits is really my passion. It is impressive how the time flies when I am doing it.
Intel Security Conference Call for Papers #Intel #SecurityFirst #ISecCon2018 bit.ly/iseccon2018 (Tech Committee: @shaygueron plus Shay Gueron, Martin Dixon and Deepak Gupta)
Google embargo on another linux kernel issue found by and I finally lifted... here is the advisory:
This is officially my last week at Google. I had the opportunity to work with brilliant engineers that really care about improving the state of things. I am sure the team will continue challenging the status quo.
I'm glad to say that is sponsoring #H2HC2019 again this year (16 years of the conference)! Thank you for the support and trust!
What an honor! I am really looking forward to the conference.
Quote Tweet
So Phenoelit, Teso, THC, RISE Security all in the same venue?? Together with P0, ZDI, Zerodium, Talos, DARPA and many other top security researchers? Only #offensivecon
Just uploaded the slides for the talk "Building High Performance Security Research Teams" in #HITBCyberWeek - Due to logistics problems the talk did not happen. Thanks for replacing me last minute: You are super! bit.ly/hitbcyberweek
Your career is a combination of your performance, your persistence and your exposure
#H2HC2018 15th Edition! Talks Announced and Agenda published (thanks to all researchers who submitted). New training announced: The Shellcode Lab (traditional and for the 1st time in Brazil with steep price discount).
A lot of folks asked to release the image used in the banner of the past edition of the magazine, so we did (high res in the link, low res in the tweet)! h2hc.com.br/wallpapers/Rev #H2HC2022
#H2HC2018 Registration Open for the 15th Edition of the Hackers to Hackers Conference (H2HC): goo.gl/ZsZYa8
Thanks to the great ability of Brazilians to adapt and deliver without plans, we got a house (literally now) and will do a private conference (open bar, food, free as it gets, CFP open, 30 min talks) #H2HCPriv8 #H2HC2019 . Support from BYOS
A reminder that the CFP for the 16th Hackers to Hackers Conference ends in 15 days! Send your goodies: we cover the travel, have simultaneous translation, open bar (including juice/soda/water) and are very welcoming to our speakers that lead the show!
As was known since spectre but unfortunately kept "secret" by corporate culture by both Intel and AMD. It is time for openness. No more hiding knowledge.
Quote Tweet
This opens Pandora's box. I wish Intel was more open on ucode capabilities, threat model and overall implications. It is possible to do that without losing competitive advantage. Just need a management and tech leadership that understands security instead of moving backwards
Quote Tweet
Finally, the casket is opened: we (+@h0t_max and @_Dmit) have extracted Intel x86 microcode! One more Intel "top secret" information gets revealed...
github.com/chip-red-pill/
#H2HC2019 Keynotes Announced: Dino Dai Zovi ( ) and Fermin J. Serna ( ). This year is already trending towards amazing! h2hc.com.br
Our manuscript on cache-related security analysis has just been published. It does touch speculation but covers other classes of cache problems and offers a way to think about the different issues. Took more than 4 years from inception to publication
Having led the work on making sure CET implementation itself is secure, I must say it is one of the most complex pure core tech. Touches a lot of different points.
H2HC Magazine 12th (#H2HC2017 - 14th edition of the event) and 13th Editions (#H2HC2018 - 15th edition of the event) finally online: bit.ly/h2hcmagazine
We've just released the PCIe Device Security Enhancements Specification 0.7 (bit.ly/pcidevicesecur). Feedback is, as usual, very welcome.
Trend Micro and partnered for the Capture the Flag. #H2HC2018 will host the Latin America edition of a global competition organized by Trend. The winning team will compete in Japan (with the whole trip sponsored). Details TBA soon.
MPX is now deprecated from the linux kernel, gcc and glibc... What lessons should Intel have learned from the failure of that tech? And from the failure of TXT? And even SGX? As an industry, which security tech is really needed from the HW?
Marion Marschalek () is confirmed 15th Edition #H2HC2018 - Talking about GCC Internals (bit.ly/h2hconference)
We (AWS) are looking for individuals interested in development of technologies for program analysis (mostly at source code level). PhD or practical (demonstrated) experience in the area required. Interested? Reach out privately and I will gladly connect.
I am a big fan of Arnold. I think his speech says everything I would like to say about the matter.
Quote Tweet
Sometimes people ask my advice on career. I guess the best I can offer is work with great people. Focus on the team, more than on the company or the problem. Great people inspire the best out of us.
H2HC 17th Edition Call for Papers Officially Open (Conference in the end of October)! We cover speaker's travel to Brazil. Come and be a part of the oldest security research conference in Latin America. CFP page: h2hc.com.br/h2hc/en/submis #H2HC2020
I really like the "Kernel Exploit Recipes"... my style of cookbook
The is now officially a non-profit organization, with formal statutes and entity. Besides the conference, open-source projects and research grants are coming soon. Volunteers only, no entity related costs.
Quote Tweet
During #H2HC2022 we announced that we are now officially an NGO! (We were already operating as one, but now we have completed all the bureaucratic steps to officially establish the entity.) Lots of news coming soon!
As a wrap-up of our pending releases before departure we've just released the kCFI project for the Linux Kernel (bit.ly/intelstormkcfi) and the Randpoline support for LLVM (bit.ly/intelstormrand), both by
We've just published the video for Bazhaniuk's ( talk in #H2HC2017 (Software Attacks on Different Type of System Firmware) - (bit.ly/bazhaniukh2hc2)
Nitro Enclaves is an interesting approach at trying to simplify the problem of code isolation. I personally believe that simplicity and openness are core tenets for a secure technology. Maybe AWS is onto something... feedback is always welcome:
We've just published the video for Matrosov's ( ) talk in #H2HC2017 (Betraying the BIOS: Where the Guardians of the BIOS are Failing) - (bit.ly/matrosovh2hc20)
The #H2HC2019 trainings have finally been launched (#postexploitation #webhackingavancado), as well as the first batch of talks announced! Full of news, don't miss the opportunities! h2hc.com.br
Well, Intel had the biggest exodus of top security researchers that I ever saw in my career. And it was not like they all left to open their own company. They literally left their top management. I hope the few that stayed remain strong and manage to revert the damage.
Quote Tweet
New #vulnerability for @intel SGX security technology. The most disturbing aspect is not the vuln itself, but how Intel has responded. Pure denial.
As a shareholder and former employee, I am gravely disappointed! Do better.
youtu.be/KK2RrBMnSbU #cybersecurity #infosec
This is the content that anyone doing anything with Linux must watch. It is time to re-think the security assumptions and how the community is engaged.
Quote Tweet
A recording of today's presentation of "10 Years of Linux Security - A Report Card" is now available to view here: youtu.be/F_Kza6fdkSU PDF: grsecurity.net/10_years_of_li PPT: grsecurity.net/10_years_of_li
It will be great to come back to Russia and meet this amazing security research community and my many friends in the area!
Quote Tweet
Dear friends, Introducing the keynote for the second day of the conference OFFZONE2019 - Rodrigo Branco @bsdaemon, chief security researcher at #Intel #OFFZONE2019 tickets are still subject to Early Birds discount
offzone.moscow/2019-tickets/
The Call for Papers is open for the 16th edition of Hackers to Hackers Conference in Brazil, the oldest hacking con in Latin America. Incredible technical committee and content. True community spirit. Many more things than we announce ;) #H2HC2019
This research is outstanding. It enables a lot of other deep dives in the uarch. I hope it also forces more openness: for example, what are Intel's responses? Implications? Recommendations?
Quote Tweet
Today we're [+@_markel___ and @_Dmit] disclosing the technique allowing to modify #Intel #Microcode on the fly! For the first time you have the ability to intercept control flow at such a low level. We've developed the microcode patch that changes the processor model string as PoC
The CPU research team at Google continues at full speed ahead. Great work. Lets see if erratas start getting better analyzed for their security implications.
Quote Tweet
I couldn't understand why AVX registers were randomly going back in time on Ryzen, turns out it's a known CPU errata
lkml.org/lkml/2023/2/22
I want to use the opportunity to send a wave of praises for all the women in the hacking community. Special thanks for inspiration to the ones in committee ( and Meredith). And to the ones in STORM ( and Parisa).
In all the craziness of the work, noise of the news, etc., I wanted to praise 4 individuals in this whole saga: Jann Horn (for the brilliant insight and awesome work), Ke Sun, Henrique Kawakami (now at Amazon) and Kekai Hu. And finally the rest of our team, that supported us!
Today I had a few great news at work that clearly showed me how awesome Google can be. I'm starting to understand why so many researchers work here for so long #HappyDay
Today I'm thinking that leadership is hard. I have a #1 rule in any team that I work at: No one overworks me. Meaning: I work at least as hard as I ask my team to do. I do not ask them to stop working (motivation is key), but if they continue, so do I. What is yours?
And to be clear: My criticism of both Intel and AMD PSIRTs is only to their director and above levels. The individual contributors there are a fine bunch and would love to be able to do the right things but their management won't let them.
#H2HC2020 17th Edition - Registrations finally open! bit.ly/h2hc2020 - Follow the conference on social media for talk announcements (Twitter/Instagram/Facebook/Linkedin):
PoC || GTFO mirror updated with 0x18 (bit.ly/pocgtfo) and PaX ()/ history repo (bit.ly/paxgrsecurity) updated with pull request from HacKurx (thanks!)
Glad that took my question to the industry seriously and analyzed major firmware for the rsb stuffing. As expected, the industry coordination is not truly happening:
Intel updated the credits on the SRBD/Cross-Talk issue to ack that , , and I found it independently. Late as usual, but better so we avoid the news cycle. Sad that from the team originally working on side-channels, only one person remains at Intel
#OffensiveCon19 is amazing as usual. Great atmosphere, great talks, excellent people around. Thanks Miguel and Lukas for being such great hosts
The video for the talk is available. I hope folks enjoy and feel free to send me feedback, comments, criticisms (privately or publicly, either way is welcome!)
Quote Tweet
Visited base today with and . Friendly soldiers explained a lot to us. Proud of being Brazilian and having such an eleet police force #H2HC2018
I had a blast in Hungary. Excellent conference and great researchers around.
Quote Tweet
Throwback to #Hacktivity2018. Check out the keynote presentation of Rodrigo Branco (@bsdaemon) about How Offensive Security is Defining the Way We Compute. bit.ly/2IO7ljZ
Sometimes I feel that real-life has the same classes of vulnerabilities as computers: Agenda Overflow, Meeting Off-by-a-Few, Resources Race Condition and Resource Allocation Use After Free. I guess I should have finished my fun paper on brain overflow after all.
Wow!! Having one of the researchers that you really admire and get inspiration from saying something like that was the best birthday gift I could receive!! thank you man!!
Quote Tweet
Happy birthday to my awesome friend and even awesomer InfoSec thought leader and kickass exploit and platform security guru, @bsdaemon. The kindest and humblest person in this industry that I can think of. I try to be more like you every day.
Ah! Interesting piece on the research paper we've released (while we did not interact with the media at all, I'm glad to see that the take is very factual based on what we mention on the paper) #WeAreSTORM twitter.com/campuscodi/sta
Want a full support from me in a talk submission on exploit writing? #BHUSA : A practical demonstration against a real life (and relevant) software running in a properly hardened grsec/PaX system (guaranteed slot as well).
I'm glad that AMD updated the credits for the latest side-channel to mention that our team (at the time at Intel) reported the issue about 2 years ago (amd.com/en/corporate/p)
Many found by our team(s)... Ramping up security in many fronts #SecurityFirst
Quote Tweet
#Intel issued 34 fixes for various #vulnerabilities – with seven of those ranking high-severity, 21 ranking medium-severity and five ranking low-severity, in addition to the critical flaw. threatpost.com/intel-fixes-cr
The world seems to be in this path of denying reality. I just heard from a vendor: "We don't know if it is possible, for now it is only a theory". When I know as a fact that the vendor has an actual exploit (not just a PoC, an exploit against a real system, leaking real data)
This! Trying to control the knowledge flow does not benefit the defending side in the long run. It is a very weak and easy to fight off argument, but unfortunately it is one made by many against few (noise ratio and engagement make the argument grow, similar to fake news).
Quote Tweet
Replying to @timb_machine @thegrugq and @tiraniddo
Let me ask you this, where would you be today if we had restricted access to offensive tools and information? I know I'm here because of the exploits, advisories, papers etc people published in the 90s. We can't cut off that pipeline, it will not increase defender count.
I have been meeting awesome folks. It is inspiring and frightening #OffensiveCon23 is just starting and is already awesome!
15th edition of H2HC Magazine, this edition with one article translated to English (about a FreeBSD Kernel bug and how to exploit it)
Quote Tweet
15th Edition of H2HC Magazine released!! 70+ pages of exclusive technical content: bit.ly/h2hcmagazine15 (excellent work by our editor, @gabrielnb) #H2HC2021 #H2HConference #H2HCMagazine @h2hconference
This was a fun bug. The bug itself is in VTd. Btw, Gabriel's twitter:
Quote Tweet
#pwnie for Under-hyped research goes to @bsdaemon, Gabriel Barbosa and Joe Cihula for some deep vulns in SMM and TXT
PCIe Device Security Enhancements - Draft - One of those moments on being part of improving the world at Intel? intel.com/content/www/us
Another academic paper with excellent writing feedback, terrifying technical responses. Declined because implementing an exploit as proof is 'not as important as proposing a mitigation'. But how to convince anyone to invest in mitigating something that no one agrees is a problem?
I've completed one and a half years at - time flies... so much to learn, so much to do. A lot of admiration overall for the company and the people in it #bepeculiar
Let's see if the 'we never saw those bugs used in the wild' mantra from Intel will continue and their excuses for not properly investing and doing the right things will keep being acceptable. twitter.com/justinschuh/st
I guess I will need a new shirt now that I do have some Arm problems... or do I have some Arm opportunities? #AWS #Graviton2