Anil Kurmus

@kurmus

Systems Security . Speculative exec, kernels, filesystems, exploitation, mitigations, applied crypto. Opinions are mine only. 0x381A1757

Zurich
researcher.ibm.com/researcher/vie…
Vrijeme pridruživanja: rujan 2008.
11 fotografija ili videozapisa Fotografije i videozapisi

Tweetovi

Blokirali ste korisnika/cu @kurmus

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @kurmus

  1. proslijedio/la je Tweet
    30. sij

    Arvind Krishna Elected IBM Chief Executive Officer

    8 replies 124 proslijeđena tweeta 235 korisnika označava da im se sviđa
    Poništi
  2. 24. sij

    It's 2020 and people are still working on kernel CFI. The (Linux) kernel has just too much access for CFI to be a reasonable tradeoff. For example it has been shown that one can gain privesc by corrupting targeted FS blocks . <Ostrich sticks head in sand>

    15 korisnika označava da im se sviđa
    Poništi
  3. proslijedio/la je Tweet
    15. sij

    The paper submission deadline for is in one month! Great conference at a great location (Lisbon). Check the

    13 proslijeđenih tweetova 9 korisnika označava da im se sviđa
    Poništi
  4. proslijedio/la je Tweet
    23. pro 2019.
    Odgovor korisniku/ci

    The OpenBSD thing reminds me of this paper but our system would not break any runtime as it would just verify that the syscall actually exists in the binary on disc

    1 proslijeđeni tweet 2 korisnika označavaju da im se sviđa
    Poništi
  5. proslijedio/la je Tweet
    4. pro 2019.

    We compiled a long list of Threats to Validity/Relevance in Security Research for our students, building on common sense & our papers on malware experiments and on benchmarking (and inspired by 's excellent blog). Perhaps useful for others?

    66 proslijeđenih tweetova 95 korisnika označava da im se sviđa
    Poništi
  6. proslijedio/la je Tweet
    2. pro 2019.

    Is there any public list/repository/whatever in which the instructions for different archs are semantically divided into categories? Something like: intel_64_arithmetic = ["add", "sub", ...] intel_64_stack = ["pop", "push", ...]

    7 proslijeđenih tweetova 7 korisnika označava da im se sviđa
    Poništi
  7. 2. pro 2019.

    1d690299dc9a0ce97a7fffc5cb3e53bdc9c0004ef7f57f377957cafb8a0d0ae5

    3 korisnika označavaju da im se sviđa
    Poništi
  8. 28. stu 2019.

    This tool has proven to be very useful for us in analyzing speculative execution attacks. We've open sourced it, so give it a try if you're working in this field and let know what you think :)

    "Speculator: A Tool to Analyze Speculative Execution Attacks and Mitigations" by Mambretti et al. presents a tool aiming to be the GDB of speculative execution. The tool is freely available on Github: , , , (3/4)
    Prikaži ovu nit
    5 proslijeđenih tweetova 27 korisnika označava da im se sviđa
    Poništi
  9. proslijedio/la je Tweet
    7. stu 2019.

    Just turned 30 y-old in Tokyo meanwhile speaking about speculative exec attacks at with and celebrating with lots of great folks! Special thanks to for inviting us, organizing such great event and for the amazing surprise cake! Indeed an amazing day!

    2 proslijeđena tweeta 20 korisnika označava da im se sviđa
    Poništi
  10. proslijedio/la je Tweet
    31. lis 2019.

    So the Rust compiler generates the following piece of assembly, which seems to copy data from a location in the stack to a new location in the stack, and then back to the original location [thread].

    4 proslijeđena tweeta 3 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  11. proslijedio/la je Tweet
    13. lis 2019.

    The complete program for ACM CCS 2019, workshops, and social events is up!

    1 reply 19 proslijeđenih tweetova 36 korisnika označava da im se sviđa
    Poništi
  12. proslijedio/la je Tweet
    13. kol 2019.

    You can find the papers here.

    24 proslijeđena tweeta 58 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  13. proslijedio/la je Tweet
    13. kol 2019.

    Uploaded the slides for my WOOT'19 talk. Thanks and for inviting me. If you're doing offensive research, I encourage you to submit your work to WOOT next year. It's great!

    1 reply 38 proslijeđenih tweetova 94 korisnika označavaju da im se sviđa
    Poništi
  14. proslijedio/la je Tweet
    13. kol 2019.

    Here the slides!

    For those into speculative execution attacks, we have two new exploitation methods using the I$ and BTB as side channels. Come and listen to 's talk on Monday at . /cc @tracenbreak
    Prikaži ovu nit
    1 proslijeđeni tweet 2 korisnika označavaju da im se sviđa
    Poništi
  15. proslijedio/la je Tweet
    12. kol 2019.

    It's been one year since we launched our continuous bug-finding competition, ! We've spent the past year learning all we can about bugs and bug-finding and tomorrow morning, I'll be presenting some of what we've found at

    12 proslijeđenih tweetova 23 korisnika označavaju da im se sviđa
    Poništi
  16. proslijedio/la je Tweet
    12. kol 2019.

    “We also verify that hardening the configuration of applicable mitigations (STIBP in this case) is an effective mitigation, making a case for their wider adoption.”

    The paper is now publicly available at
    1 proslijeđeni tweet
    Poništi
  17. 12. kol 2019.

    The paper is now publicly available at

    For those into speculative execution attacks, we have two new exploitation methods using the I$ and BTB as side channels. Come and listen to 's talk on Monday at . /cc @tracenbreak
    Prikaži ovu nit
    15 proslijeđenih tweetova 35 korisnika označava da im se sviđa
    Poništi
  18. proslijedio/la je Tweet
    12. kol 2019.

    Followed by Mambretti et al.'s Two methods for exploiting speculative control flow hijacks

    1 reply 3 proslijeđena tweeta 9 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  19. 9. kol 2019.

    Erratum: Matthias Neugschwandtner is on twitter :)

    5 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  20. 9. kol 2019.

    For those into speculative execution attacks, we have two new exploitation methods using the I$ and BTB as side channels. Come and listen to 's talk on Monday at . /cc @tracenbreak

    38 proslijeđenih tweetova 99 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi

@kurmus još nije objavio nijedan Tweet.

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·