Want to know what happens when commercial TEEs meet improvised DRAM memory interposers? SGX mayhem including attestation key extraction. Please DO try that at home😉. Check out our work at https://t.co/JyvHP48nez

Have an Apple device from the last few years? We have a new side channel attack for you. Checkout our work at https://t.co/7absarR2DO Joint work with Jason Kim, Jalen Chuang and Yuval Yarom (@yuvalyarom). Could not have asked for a better team!

Our work on page walk side channels was accepted at @IEEESP 2025 (#ieeesp2025)! The full paper is now available at: https://t.co/15cICFDfpn and our code is available at: https://t.co/cz5j6JPRYb

Excited to present "Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional Branch Predictor" at @ASPLOSConf with Archit Agarwal, Max Christman, @CryptoGPS, @DanielGenkin, Andrew Kwong, @flowyroll, @deiandelmars, @mktaram and Dean Tullsen. (1/4)🧵

https://t.co/OmHFQbmyVk happening now @RealWorldCrypto. Come see Boru Chen (@blue75525366) talking about breaking constant time crypto using fancy prefetchers on Apple CPUs

Ever wondered what happens when side-channel resistant code meets a fancy prefetcher? Checkout our paper breaking constant time crypto on Apple CPUs. https://t.co/PFKOMkBDDV Joint work with Boru Chen, @YingchenWang96, @PradyumnaShome, Chris Fletcher, @dkohlbre, @ricpacca

I'm very thankful to the @SloanFoundation for recognizing my research. Could not have done it without my awesome students, great collaborators, and wonderful mentors. Checkout our research group that made this possible at

Microarchitectural unboxing: check out our new demo for breaking two factor authentication using iLeakage. Yes you heard it, speculative execution attacks on Apple’s M3 Macs and latest Safari that defeat Facebook’s 2FA over SMS. https://t.co/R0n2LareR3

Goodbye WOOT the Workshop, hello WOOT the Conference! Excited to be a part of this legacy and this new beginning.

WOOT! Big news! Starting 2024 WOOT will be @USENIX WOOT Conference on Offensive Technologies! WOOT '24 will be on August 12-13 2024, colocated with USENIX Security WOOT '24 will be co-chaired by @noopwafel (@intel) and @adamdoupe (@ASU <= corrected!) https://t.co/ggdyXs40Ck

For those wondering if Apple’s iOS/iPadOS 17.1 and macOS 14.1 released yesterday protect against https://t.co/R0n2LareR3? We took a look for you, the answer is no. Devices are still vulnerable.

iLeakage: Speculative execution attack on Safari, iPhone, iPad and Mac, allowing a hostile website to extract your passwords and other secrets. https://t.co/LYApQf1YD4 The only way to be safe is to stop using Safari: At the time of public release, Apple has implemented a

Also we now have a group website

After more than a year of embargo we can now show you how speculative attacks can extract sensitive information from the Safari browser on @Apple platforms. Check out our latest paper https://t.co/R0n2LareR3. Great work by Jason Kim, @themadstephan and @yuvalyarom.