Giters

DrizzleRisk / spectre-attack

Example of using revealed "Spectre" exploit (CVE-2017-5753 and CVE-2017-5715)

Repository from Github https://github.comDrizzleRisk/spectre-attackRepository from Github https://github.comDrizzleRisk/spectre-attack

Spectre Attack Example

Example of using revealed "Spectre" exploit from 2 Jan 2018 (CVE-2017-5753 and CVE-2017-5715)

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.

Language

C, uses libs:

  • stdio.h
  • stdlib.h
  • stdint.h
  • intrin.h - for rdtscp and clflush

What's example do?

In this example we're putting text "The Magic Words are Squeamish Ossifrage." in memory and then we're trying to read it using exploit. If system is vulnerable, you'll see same text in output, readed from memory.

Sources

About

Example of using revealed "Spectre" exploit (CVE-2017-5753 and CVE-2017-5715)

Languages

Language:C 100.0%