Exec ASLR - Abusing Intel Branch Predictors to Bypass ASLR

Explore a new spectre v2 based technique for bypassing Address Layout Randomization (ASLR) on Intel CPUs in this 46-minute conference talk from Ekoparty 2022. Delve into the exploitation of branch predictors and speculative execution to overcome ASLR's memory corruption attack mitigation. Examine how attackers can pollute the branch target buffer and how victims can trigger branch misprediction in the attacker process, leading to speculative jumps to protected addresses. Gain insights into x86 internal topics, including side channel attacks, speculative and out-of-order execution, through demonstrations and research findings. Learn from José Luis Oliveira, a cybersecurity analyst at PRIDE Security, as he shares his expertise in this cutting-edge security research.