{"guid":"1aa7a4c5-1a3f-444f-99fb-e9c7b4744794","title":"What could possibly go wrong with \u003cinsert x86 instruction here\u003e?","subtitle":"Side effects include side-channel attacks and bypassing kernel ASLR","slug":"33c3-8044-what_could_possibly_go_wrong_with_insert_x86_instruction_here","link":"https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8044.html","description":"Hardware is often considered as an abstract layer that behaves correctly, just executing instructions and outputting a result. However, the internal state of the hardware leaks information about the programs that are executing. In this talk, we focus on how to extract information from the execution of simple x86 instructions that do not require any privileges. Beyond classical cache-based side-channel attacks, we demonstrate how to perform cache attacks without a single memory access, as well as how to bypass kernel ASLR. This talk does not require any knowledge about assembly. We promise.","original_language":"eng","persons":["Clémentine Maurice","Moritz Lipp"],"tags":["Security"],"view_count":5356,"promoted":false,"date":"2016-12-27T11:30:00.000+01:00","release_date":"2016-12-27T01:00:00.000+01:00","updated_at":"2026-03-05T18:00:05.980+01:00","length":3305,"duration":3305,"thumb_url":"https://static.media.ccc.de/media/congress/2016/8044-hd.jpg","poster_url":"https://static.media.ccc.de/media/congress/2016/8044-hd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2016/1aa7a4c5-1a3f-444f-99fb-e9c7b4744794-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2016/1aa7a4c5-1a3f-444f-99fb-e9c7b4744794-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/33c3-8044-what_could_possibly_go_wrong_with_insert_x86_instruction_here","url":"https://api.media.ccc.de/public/events/1aa7a4c5-1a3f-444f-99fb-e9c7b4744794","conference_title":"33C3: works for me","conference_url":"https://api.media.ccc.de/public/conferences/33c3","related":[{"event_id":3596,"event_guid":"b8e0eb47-4832-4726-bc9b-9015bd96becf","weight":73},{"event_id":3597,"event_guid":"87092ad2-d3fd-4a37-bb58-1fe71217a06b","weight":110},{"event_id":3598,"event_guid":"f75d0531-ac47-4edd-99bd-9eadd836982a","weight":112},{"event_id":3599,"event_guid":"c54bec28-0cec-4472-9a0f-36be8b626dd7","weight":94},{"event_id":3601,"event_guid":"5a517be2-220b-4eb6-88c3-e7ef08c98ace","weight":121},{"event_id":3602,"event_guid":"48e016a4-5683-4bda-8976-98f1dbf62787","weight":45},{"event_id":3603,"event_guid":"798573a8-f544-48f0-abaf-ebc405f03f4a","weight":62},{"event_id":3604,"event_guid":"1275f046-e52e-4b0b-9f5b-7eb2008b2ec4","weight":50},{"event_id":3605,"event_guid":"61f9d4c6-a3de-4958-a57c-efcf941668fa","weight":40},{"event_id":3607,"event_guid":"64c07cb5-ec19-4972-a2c8-96c0e0df83c6","weight":79},{"event_id":3608,"event_guid":"a0c851a1-b44e-46cb-bbb8-db966bc8639b","weight":34},{"event_id":3610,"event_guid":"56537f49-c8f0-4d73-bdba-d4d8307fc170","weight":46},{"event_id":3615,"event_guid":"74783236-46f4-493c-9574-1b27a44847b7","weight":90},{"event_id":3626,"event_guid":"c3844820-b5ed-4b12-9094-cfc67aff60be","weight":54},{"event_id":3629,"event_guid":"686b1941-b211-4902-b4c4-1d642398e08b","weight":40},{"event_id":3633,"event_guid":"530f0400-e4e8-4d99-909d-4cfc8121c0b0","weight":34},{"event_id":3640,"event_guid":"700a07e7-a9c4-437b-a4c5-4491b23a9b4a","weight":60},{"event_id":3654,"event_guid":"ac80424a-f4dc-431d-95f3-3f85664ba2dc","weight":44},{"event_id":3662,"event_guid":"8c32309e-7136-4899-8ee4-1558e63ad137","weight":36},{"event_id":3695,"event_guid":"c300b194-2a85-4705-92aa-b4e789882303","weight":36},{"event_id":3731,"event_guid":"bc638f9f-0370-42f9-b83c-f85cca4ca38d","weight":33},{"event_id":3741,"event_guid":"725b4ff6-8d4c-4d8f-9e38-6b1e49e1602c","weight":43},{"event_id":3760,"event_guid":"1c75e6a1-e586-4b91-abce-92a4561d0181","weight":42},{"event_id":3762,"event_guid":"25e2df7d-5740-4c2f-bc34-986326d606fe","weight":60}],"recordings":[{"size":null,"length":null,"mime_type":"application/x-subrip","language":"eng","filename":"33c3-8044-eng-deu-What_could_possibly_go_wrong_with_insert_x86_instruction_here.en.srt","state":"complete","folder":"","high_quality":true,"width":null,"height":null,"updated_at":"2021-02-21T19:46:26.984+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/33c3-8044-eng-deu-What_could_possibly_go_wrong_with_insert_x86_instruction_here.en.srt","url":"https://api.media.ccc.de/public/recordings/45364","event_url":"https://api.media.ccc.de/public/events/1aa7a4c5-1a3f-444f-99fb-e9c7b4744794","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":311,"length":3305,"mime_type":"video/mp4","language":"eng","filename":"33c3-8044-eng-What_could_possibly_go_wrong_with_insert_x86_instruction_here.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2016-12-27T18:50:09.436+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/h264-hd/33c3-8044-eng-What_could_possibly_go_wrong_with_insert_x86_instruction_here.mp4","url":"https://api.media.ccc.de/public/recordings/13541","event_url":"https://api.media.ccc.de/public/events/1aa7a4c5-1a3f-444f-99fb-e9c7b4744794","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":349,"length":3305,"mime_type":"video/mp4","language":"deu","filename":"33c3-8044-deu-What_could_possibly_go_wrong_with_insert_x86_instruction_here.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2016-12-27T18:50:49.894+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/h264-hd/33c3-8044-deu-What_could_possibly_go_wrong_with_insert_x86_instruction_here.mp4","url":"https://api.media.ccc.de/public/recordings/13542","event_url":"https://api.media.ccc.de/public/events/1aa7a4c5-1a3f-444f-99fb-e9c7b4744794","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":425,"length":3305,"mime_type":"video/mp4","language":"eng-deu","filename":"33c3-8044-eng-deu-What_could_possibly_go_wrong_with_insert_x86_instruction_here_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2016-12-27T18:51:33.161+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/h264-hd/33c3-8044-eng-deu-What_could_possibly_go_wrong_with_insert_x86_instruction_here_hd.mp4","url":"https://api.media.ccc.de/public/recordings/13543","event_url":"https://api.media.ccc.de/public/events/1aa7a4c5-1a3f-444f-99fb-e9c7b4744794","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":147,"length":3305,"mime_type":"video/mp4","language":"eng-deu","filename":"33c3-8044-eng-deu-What_could_possibly_go_wrong_with_insert_x86_instruction_here_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2016-12-27T23:45:22.118+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/h264-sd/33c3-8044-eng-deu-What_could_possibly_go_wrong_with_insert_x86_instruction_here_sd.mp4","url":"https://api.media.ccc.de/public/recordings/13630","event_url":"https://api.media.ccc.de/public/events/1aa7a4c5-1a3f-444f-99fb-e9c7b4744794","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":141,"length":3305,"mime_type":"video/webm","language":"eng-deu","filename":"33c3-8044-eng-deu-What_could_possibly_go_wrong_with_insert_x86_instruction_here_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2016-12-27T23:46:11.229+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/webm-sd/33c3-8044-eng-deu-What_could_possibly_go_wrong_with_insert_x86_instruction_here_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/13631","event_url":"https://api.media.ccc.de/public/events/1aa7a4c5-1a3f-444f-99fb-e9c7b4744794","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":42,"length":3292,"mime_type":"audio/opus","language":"eng","filename":"33c3-8044-eng-deu-What_could_possibly_go_wrong_with_insert_x86_instruction_here_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2016-12-28T14:58:09.301+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/opus/33c3-8044-eng-deu-What_could_possibly_go_wrong_with_insert_x86_instruction_here_opus.opus","url":"https://api.media.ccc.de/public/recordings/13629","event_url":"https://api.media.ccc.de/public/events/1aa7a4c5-1a3f-444f-99fb-e9c7b4744794","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":50,"length":3292,"mime_type":"audio/mpeg","language":"eng","filename":"33c3-8044-eng-deu-What_could_possibly_go_wrong_with_insert_x86_instruction_here_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2016-12-28T14:58:09.369+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/mp3/33c3-8044-eng-deu-What_could_possibly_go_wrong_with_insert_x86_instruction_here_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/13628","event_url":"https://api.media.ccc.de/public/events/1aa7a4c5-1a3f-444f-99fb-e9c7b4744794","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":335,"length":3305,"mime_type":"video/webm","language":"eng-deu","filename":"33c3-8044-eng-deu-What_could_possibly_go_wrong_with_insert_x86_instruction_here_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2016-12-28T12:32:11.043+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/webm-hd/33c3-8044-eng-deu-What_could_possibly_go_wrong_with_insert_x86_instruction_here_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/13695","event_url":"https://api.media.ccc.de/public/events/1aa7a4c5-1a3f-444f-99fb-e9c7b4744794","conference_url":"https://api.media.ccc.de/public/conferences/33c3"}]}