AnC wins Pwnie Award at Blackhat USA 2017

AnC won the 2017 Blackhat Pwnie award in the category Pwnie for Most Innovative Research. Luckily, Victor was there to receive this award on behalf of the AnC team!

To quote the pwnie award site:

  • Credit: Ben Gras, Kaveh Razavi, Erik Bosman, Herbert Bos, Cristiano Giuffrida

    Exploit writers have been bending over backwards to try to defeat ASLR for the better part of a decade. Usually this requires finding some soon-to-be-patched memory disclosure bug. Of course this is a hard job and needs to be repeated for different browsers/plugins/versions/etc. Then these guys come along with a universal ASLR bypass based on timing of the caching of memory access. Of course this works using Javascript in most browsers by default and isn’t really something you can fix very easy. Seems too easy, I think I’ll keep looking for infoleaks like a real hacker.

Vusec is proud of the industrial and scientific recognition of this work.

DRAMMER wins pwnie award at Blackhat USA 2017

DRAMMER won the 2017 Blackhat Pwnie award in the category  Pwnie for Best Privilege Escalation Bug. Luckily, Victor was there to receive his award in person!

To quote the pwnie award site:

  • Credit: Victor van der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Clementine Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi, Cristiano Giuffrida

    Mobile computing row hammer attacks (MC Hammers, for short) are terrifying. You can’t touch them and can only hope that, please, they won’t hurt you.

Vusec is proud of the industrial and scientific recognition of this work.

Drammer wins the Dutch Cyber Security Research Paper Award!

ICT Open

During the ICT.Open 2017 conference in de Flint Amersfoort, Victor won  the best Dutch Cyber Security Research Paper (DCSRP) award for Drammer. Published at the CCS’16 conference in Vienna, Drammer shows hardware bit flips on mobile devices and their reliable exploitation for the first time.

DCSRP recognizes the best recent non-commercial scientific cyber security research paper in the Netherlands. More information can be found here.

ASLR^Cache or AnC: A MMU Sidechannel breaking ASLR from Javascript, and media coverage

Today we announce ASLR^Cache, a MMU sidechannel exploiting a micro-architectural property of all modern CPU models. This signal is even visible from Javascript and breaks ASLR in sandboxed environments. The name ASLR^Cache (or simply AnC) is a reference to the fact that ASLR and CPU caches are mutually exclusive on modern architectures. For more information, please see our AnC project page.

Press outlets and other organisations have picked up on this work: wiredarstechnica, ACM Tech NewsNCSCbleepingcomputer.comTom’s Hardwaresecurity.nltheregistertweakers.netdigitaljournal.comCSO Australiahackadayslashdotsecurityweek.comheise.detheinquirer.netitnews.com.au, eejournal.comhabrahabr.ruimpress.co.jppaper.li, boingboing.net.

Also some of our favourite podcasts picked it up: securitynow episode 600,  ISC Internet Storm Center podcast, risky.biz episode #444.