Syllabus
Intro
Overview
The S1 Platform: Autonomous Endpoint Protection
Multiple Types of Detection Engines
Fun little analogy from Zootopia
Memory (High Level Concept)
Notional Intel Data Cache
Side Channel Attacks
Memory Side Channel Timing Attack
Flush + Reload - Major Advantages
Speculative Execution - Practical Analogy
Toy Example Provided in Meltdown Paper
Meltdown (High Level Concept)
Analyzing POC Code
perf_events
Malicious Caching Behavior
Page Fault Behavior
Fingerprinting
Why Release?
Blacksmith
Challenges
Feedback
Lessons Learned / Outcomes
If you could do this again... what would change?