November 15
15:00 — 16:00
Wake up, Neo: detection of virtualization via speculative execution
Main Track
Russian
There have been several speculative execution vulnerabilities that allow reading privileged data from kernel mode, as well as from other processes and even hypervisors. However, there are several more ways in which speculative execution can be leveraged by adversaries. I have discovered one such technique, which allows an attacker on the system to get information allowing them to evade detection by modern sandboxes and AV software. This technique led to the discovery of the Spectre Variant 3a virtualization detection vulnerability in Intel CPUs but can also be used in a few more ways. In this talk I'll explain the principles behind speculative execution vulnerabilities and talk about the detector technique.