Posts by Collection


Frontal Attack: Leaking Control-​Flow in SGX via the CPU Frontend

Published in USENIX Security, 2021

We introduce a timing side-channel attack in the Frontend of Intel CPU processors, which uncovers measurable differences between instructions that only differ in their adjacent instructions and virtual addresses.

Recommended citation: Ivan Puddu, Moritz Schneider, Miro Haller, Srdjan Čapkun. (2021). "Frontal Attack: Leaking Control-​Flow in SGX via the CPU Frontend" USENIX Security 2021.


SGX Accurate Time Measurements


In my Bachelor’s thesis presentation, I briefly summarize the time measurement improvements inside SGX enclaves that we contributed. Moreover, I discuss our discovery of the “Poor man’s CMOV” phenomenon, which later led to the Frontal Attack.

Revisiting Microarchitectural Side-Channels


This talks presents the results of applying cache side-channels to contemporary hardware and investigating AES lookup tables, AES key scheduling, and Argon2. The slides give a brief overview of the content described in this blog post

Climbing the Hacking /mnt/ain


In this presentation at the Swiss Cyber Storm conference in 2021, I talk about my experiences as team coach of the Swiss National Hacking Team for the European Cyber Security Challenge 2021. In particular, I discuss the team selection, training, and final competition. Furthermore, a team member gives a quick glance into a challenging heap exploitation challenge that our team solved during preparation.