Pietro Borrello
@borrello_pietro
Followers: 3K · Following: 2K · Media: 45 · Statuses: 545
Security Researcher | PhD @SapienzaRoma | Pwner at @TheRomanXpl0it and @mhackeroni | https://t.co/g77o9Ojdjf | https://t.co/q5KZ4e8wkX
Joined August 2018
We just won TWO @PwnieAwards!! - Best Desktop Bug for https://t.co/VcI53G6B56 - Most Interesting Research for our "Custom Processing Unit" research We are overwhelmed by such a great recognition for our work ❤️ @0xhilbert @marv0x90 @mlqxyz @lavados @misc0110
Are you interested in bleeding-edge microarchitecture offensive security research, with a concrete impact on user security? We have just opened a Microarchitecture Security Internship position at Apple, in SEAR LASER! ❤️🔥 Apply here:
Spreading love against memory corruption through the whole stack! From the software deep down to the microarchitecture. It has been an insane journey improving the security of millions of people 🔥 https://t.co/WAhhO6oc7x
security.apple.com
Memory Integrity Enforcement (MIE) is the culmination of an unprecedented design and engineering effort spanning half a decade that combines the unique strengths of Apple silicon hardware with our...
This is one of the coolest talks I have seen in a while! Incredible research 🔥
The recording of our OffensiveCon presentation about EntrySign is live! https://t.co/atQGAV39l3 Slides at https://t.co/twMFJ9L8Mv
@sirdarckcat @__spq__
Disclosing Branch Predictor Race Conditions (BPRC), a new class of vulnerabilities where asynchronous branch predictor operations violate hardware-enforced privilege and context separation in virtually all recent Intel CPUs. @wiknerj @kavehrazavi : https://t.co/sbI0Iqb2PS
V8 Security is hiring in Warsaw! If you want to work on improving our JavaScript and Wasm fuzzers, check out the links below!
Here are the details about the AMD Signature verification vulnerability we worked on, Enjoy! https://t.co/b9CPWqIEzO
bughunters.google.com
This blog post covers the full details of EntrySign, the AMD Zen microcode signature validation vulnerability recently discovered by the Google Security team.
HW defenses against Spectre are tricky: they need to be applied correctly by the SW, and we need to trust that the HW does what it's supposed to. Our latest work "Breaking the Barrier" exploits loopholes in both of these issues on Intel and AMD parts. https://t.co/DBzOXdf75h
📢 Calling all Sponsors! Get mhackeroni to the DEF CON 32 CTF finals 🚩🍝 Would you like to be a part of moving the kitchen to Las Vegas this summer & secure a spot for your logo in our highly-demanded t-shirt? Contact us! Your favourite Italian Acheri™️ need your help!
Want to learn about security artifacts? 🤖🧪🚀 @NDSSSymposium seeks enthusiastic Artifact Evaluation committee members (PhD/graduate students, postdocs, industry researchers) to review cutting-edge research materials. Apply by May 31st: https://t.co/WsgASbb2HS RTs appreciated 🙏
docs.google.com
We are looking for members of the Artifact Evaluation Committee (AEC) of NDSS 2025. The Network and Distributed System Security symposium adopts an Artifact Evaluation (AE) process allowing authors...
Can a malicious cloud provider send bad notifications to break confidential VMs? Disclosing #AhoiAttacks that break confidential computing offered by AMD SEV-SNP and Intel TDX by abusing interrupt delivery. Check our @USENIXSecurity & @IEEESSP papers. https://t.co/wxr7rBWX7U
ahoi-attacks.github.io
Attacks to break AMD SEV-SNP, Intel TDX and Intel SGX with malicious notifications.
Had a blast this past weekend at @h2hconference talking about the basics of CPU vulns and about my experience analyzing a couple vulns from @taviso - you can check my slides at https://t.co/OpvgC3CoCW (they are not just about Reptar though!) and PoCs: https://t.co/L2SHjd7s2b
github.com
This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code. - google/security-research
New paper with @borrello_pietro @dcdelia @balzarot @lquerzoni @c_giuffrida! "Predictive Context-sensitive Fuzzing" introduces compile time context sensitivity to fuzzing w/ selective prioritization using dataflow diversity. Will appear at NDSS24, get it at
Disclosing #SLAM, aka how to combine Spectre and Intel LAM (& co.) to leak kernel memory on future CPUs (demo below). Thousands of exploitable "unmasked" (or pointer chasing) gadgets in the Linux kernel. Joint work by @MatheHertogh @SanWieb @c_giuffrida: https://t.co/8sgL8t8eC5
Come work with us in beautiful Amsterdam! We have a new faculty position in Security research @VUamsterdam. The specific research topic is flexible and synergies with @vu5ec topics are welcome. Feel free to DM for details.
If you are interested in uArch Security, we just opened an internship position at @Apple! The position is focused on offensive research, and you will be contributing to the security of some of our most advanced CPUs in one of the coolest teams. Apply at:
🔺New on the Apple Security Research blog: a brief technical overview of iMessage Contact Key Verification!
security.apple.com
iMessage broke new ground in 2011 as the first widely available messaging service to provide secure end-to-end encryption by default. Ever since, we’ve been making ongoing improvements to iMessage...
reposting now that my twitter cards work! blog post about exploring the local branch predictor on my M2 MBP
reflexive.space
With @mhackeroni we won the first CTF pwning a satellite in space 👀 An insanely cool competition organized by @hack_a_sat at @defcon, even with cpu side channels in orbit 🤯
And, the results are in!!! The winners of the first CTF competition IN SPACE are... 🥇 mHACKeroni @mhackeroni 🥈 Poland Can Into Space @DragonSectorCTF @p4_team 🥉 jmp fs: [rcx] @pfs_ctf Thanks to all the teams who worked so hard & made this year’s #HAS4Finals one to remember!
Dropping #Downfall, exploiting speculative forwarding of 'Gather' instruction to steal data from hardware registers. #MeltdownSequel - Practical to exploit (POC/Demo) - Defeat all isolation boundaries (OS, VM, SGX) - Bypass all Meltdown/MDS mitigations. https://t.co/udgnfAWCE2
I am happy to announce that Collide+Power, our new and generic software-based power side-channel technique, has been accepted at @USENIXSecurity 2023 #usesec23. https://t.co/yZukJ3esgf