Systems and Network Security Group @VUamsterdam. Co-led by @herbertbos @c_giuffrida @EKouwe
Joined April 2016
- Tweets 228
- Following 138
- Followers 4,275
- Likes 160
52 Photos and videos
Spectre v2 is back again! Disclosing "Training Solo": 3 new self-training attack classes, 2 end-to-end exploits, and 2 new hardware issues that break domain isolation even when implemented perfectly. Joint work by @SanWieb @c_giuffrida: vusec.net/projects/training-…
28
83
5,553
VUSec retweeted
12 May 2025
[1/3] Turns out those old MDS gadgets have new life... In our latest paper at @IEEESSP , we show how attackers can construct PRELOAD TIME, a new cache side-channel which takes advantage of these 'half-Spectre' gadgets.
1
5
7
1,019
Congratulations to @vustudsec for becoming the first the first Student CyberSecurity Association registered in the Netherlands! And happy to see so many members doing well in our Computer Security Master! linkedin.com/posts/vustudsec…
1
4
18
1,751
VUSec retweeted
16 Aug 2024
In the last @vu5ec presentation at @USENIXSecurity, @hanyrax discusses GhostRace and explains how attackers can exploit speculative race conditions in the Linux kernel.
download.vusec.net/papers/gh…
@kurmus
@c_giuffrida
@m4mbr3
6
44
4,367
VUSec retweeted
14 Aug 2024
@bjohannesmeyer presenting our Einstein paper that shows that automating data-only attacks can be easy:
download.vusec.net/papers/ei…
@vu5ec
@asia_slowinska
@c_giuffrida
@USENIXSecurity
4
21
832
VUSec retweeted
14 Aug 2024
@victor_duta presenting the SafeFetch paper about protecting against double fetches:
download.vusec.net/papers/sa…
@vu5ec
@c_giuffrida
@USENIXSecurity
Mitchel Aloserij (not on X?)
2
13
599
VUSec retweeted
14 Aug 2024
Happy to report that our InSpectreGadget paper won a Distinguished Paper award at @USENIXSecurity:
download.vusec.net/papers/in…
@vu5ec @SanWieb @HBitmasks @c_giuffrida
Here is @SanWieb presenting the paper:
2
7
87
3,299
Today at #SP24, @fcgorter presents Sticky Tags. We uncover performance/security issues in prior ARM MTE schemes based on random tagging ( a new speculative oracle) and show how to address them with a new deterministic MTE scheme for spatial memory safety: download.vusec.net/papers/st…
1
16
44
7,532
Our SafeFetch paper @USENIXSecurity is online! Thanks to an optimized in-kernel cache, SafeFetch provides comprehensive protection against double-fetch bugs at a fraction of the cost of prior solutions. Joint work by @victor_duta, Mitchel, @c_giuffrida:
download.vusec.net/papers/sa…
2
18
1,764
VUSec retweeted
9 May 2024
Do you love low-level systems hacking? And would you like to work at a top systems security research group in Amsterdam? At @vu5ec, we have a number of PhD and PostDoc positions available: workingat.vu.nl/vacancies/ph…
1
11
28
3,434
Branch History Injection (BHI) is back! Disclosing Native BHI, bypassing deployed Spectre-v2/BHI mitigations (e.g., eBPF=off) to leak arbitrary kernel/host memory (e.g., root password hash below). Joint work by @SanWieb @HBitmasks @herbertbos @c_giuffrida: vusec.net/projects/native-bh…
41
92
10,154
How do synchronization primitives work during speculative execution? THEY DON'T!
Disclosing #GhostRace (paper @USENIXSecurity). We turn all arch. race-free critical regions of OS/Hypervisors into Speculative Race Conditions. Joint work @vu5ec @IBMResearch: vusec.net/projects/ghostrace
53
157
29,925
VUSec retweeted
9 Feb 2024
Do you have any interesting work in progress in systems security? Negative results? Cool student projects? EuroSec is the perfect place to present it, and offers an excuse to visit Athens and attend EuroSys. Deadline February 14. secopera.eu/eurosec-2024/
10
13
2,497
VUSec retweeted
11 Jan 2024
Excited to announce the CfP for #EuroSec2024 — please submit your finest ideas! Deadline: February 14, 2024. #EuroSecWorkshop #Eurosys2024 secopera.eu/eurosec-2024/
22
21
5,955
VUSec retweeted
12 Dec 2023
New paper with @borrello_pietro @dcdelia @balzarot @lquerzoni @c_giuffrida!
"Predictive Context-sensitive Fuzzing"
introduces compile time context sensitivity to fuzzing w/ selective prioritization using dataflow diversity.
Will appear at NDSS24, get it at download.vusec.net/papers/pc…
1
20
72
7,783
Disclosing #SLAM, aka how to combine Spectre and Intel LAM (& co.) to leak kernel memory on future CPUs (demo below). Thousands of exploitable "unmasked" (or pointer chasing) gadgets in the Linux kernel. Joint work by @MatheHertogh @SanWieb @c_giuffrida: vusec.net/projects/slam
1
58
178
22,923
VUSec retweeted
14 Nov 2023
Come work with us in beautiful Amsterdam! We have a new faculty position in Security research @VUamsterdam. The specific research topic is flexible and synergies with @vu5ec topics are welcome. Feel free to DM for details. workingat.vu.nl/ad/assistant…
10
28
5,237
Our Quarantine @RAID_Conference paper is online! Quarantine enforces strict CPU core-based isolation to mitigate transient execution attacks vs. cloud VMs. Joint work by Mathé Hertogh @manuwiesinger @sirmc @nSinusR Nadav Amit @herbertbos @c_giuffrida: download.vusec.net/papers/qu…
9
34
3,656
Our FloatZone paper @USENIXSecurity is online: a branchless memory sanitizer that efficiently catches buffer overflows ( use-after-frees) with floating-point underflows! Joint work by @fcgorter @enrico_barberis @teemperor @EKouwe @c_giuffrida @herbertbos: vusec.net/projects/floatzone
1
23
92
19,364
Our uncontained paper @USENIXSecurity is online! Find out how the Linux kernel is the "container of" several type confusion bugs, detected by our sanitizer & static analyzer. Joint work by @JakobKoschel @borrello_pietro @dcdelia @herbertbos @c_giuffrida: vusec.net/projects/uncontain…
47
132
49,204