Arbitrary Speculative Code Execution with Return Instructions
☆175 · Jan 23, 2024 · Updated 2 years ago
Alternatives and similar repositories for retbleed
Users that are interested in retbleed are comparing it to the libraries listed below
- Proof-of-concept implementation for the paper "CacheWarp: Software-based Fault Injection using Selective State Reset" (USENIX Security 20… ☆65 · Aug 12, 2024 · Updated last year
- This repository contains exploit and reverse-engineering source code regarding the Spectre-BHB/Branch History Injection vulnerability ☆121 · Apr 12, 2022 · Updated 3 years ago
- Artifact of "Indirector: High-Precision Branch Target Injection Attacks Exploiting the Indirect Branch Predictor" [USENIX Security 2024] ☆64 · Aug 9, 2024 · Updated last year
- Proof-of-concept implementation for the paper "Efficient and Generic Microarchitectural Hash-Function Recovery" (IEEE S&P 2024) ☆33 · Aug 30, 2023 · Updated 2 years ago
- ☆75 · Mar 11, 2024 · Updated last year
- Using Data Memory-Dependent Prefetchers to Leak Data at Rest ☆38 · Sep 6, 2022 · Updated 3 years ago
- oo7, a binary analysis tool to defend against Spectre vulnerabilities ☆34 · Oct 16, 2020 · Updated 5 years ago
- Spectre based on Linear Address Masking ☆68 · Dec 4, 2023 · Updated 2 years ago
- Training in Transient Execution and PhantomCALL, from Inception (SEC'23) Artifacts. ☆41 · Feb 19, 2024 · Updated 2 years ago
- Materials from the DEF CON 30 talk on PACMAN ☆34 · Oct 28, 2022 · Updated 3 years ago
- ☆34 · Apr 14, 2025 · Updated 10 months ago
- BinRec: Dynamic Binary Lifting and Recompilation ☆149 · Sep 18, 2023 · Updated 2 years ago
- Artifacts for "ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms" (USENIX Security '24). ☆60 · Jun 19, 2025 · Updated 8 months ago
- ☆113 · Jul 16, 2023 · Updated 2 years ago
- A binary analysis framework written in Rust. ☆175 · Feb 22, 2026 · Updated last week
- Revizor - Hardware fuzzing for the age of speculation ☆179 · Feb 23, 2026 · Updated last week
- Artefacts for: "VMScape: Exposing and Exploiting Incomplete Branch Predictor Isolation in Cloud Environments" ☆36 · Oct 17, 2025 · Updated 4 months ago
- InSpectre Gadget: in-depth inspection and exploitability analysis of Spectre disclosure gadgets ☆60 · Feb 20, 2026 · Updated last week
- Abusing exceptions for code execution. ☆113 · Jan 30, 2023 · Updated 3 years ago
- Python bindings for BochsCPU ☆38 · Aug 10, 2025 · Updated 6 months ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022) ☆73 · Aug 11, 2023 · Updated 2 years ago
- ☆70 · Jul 4, 2024 · Updated last year
- Modern C++, range-based Mach-O parser designed for embedded use. Uses stack allocations only. ☆34 · Oct 31, 2022 · Updated 3 years ago
- ☆20 · Nov 27, 2023 · Updated 2 years ago
- ☆79 · Jul 26, 2022 · Updated 3 years ago
- A Unit-Based Symbolic Execution Method for Detecting Memory Corruption Vulnerabilities in Executable Codes ☆43 · May 7, 2023 · Updated 2 years ago
- Binary Ninja plugin for visualizing coverage over time ☆25 · Jan 15, 2022 · Updated 4 years ago
- automates exploits using ROP chains, using ntdll-scraper ☆16 · May 26, 2022 · Updated 3 years ago
- A KISS Rust crate to parse Windows kernel crash-dumps created by Windows & its debugger. ☆42 · Jan 2, 2026 · Updated last month
- Quokka: A Fast and Accurate Binary Exporter ☆210 · Updated this week
- ☆48 · Dec 19, 2018 · Updated 7 years ago
- Recursive MMIO VM Escape PoC ☆171 · May 13, 2022 · Updated 3 years ago
- Proof-of-concept code for the SMoTherSpectre exploit. ☆77 · Nov 12, 2019 · Updated 6 years ago
- uefi diskless persistence technique + OVMF secureboot bypass ☆95 · Apr 22, 2024 · Updated last year
- A simple hypervisor demonstrating the use of the Intel VT-rp (redirect protection) technology. ☆114 · Mar 28, 2024 · Updated last year
- Open-source symbolic execution framework: https://maat.re ☆648 · Feb 22, 2026 · Updated last week
- IDA Pro plugin to make bitfield accesses easier to grep ☆254 · Aug 3, 2025 · Updated 6 months ago
- High-performance QEMU memory and instruction tracing ☆554 · Jul 26, 2024 · Updated last year
- ☆48 · Jun 30, 2020 · Updated 5 years ago