Academic Publications

2026

StackWarp: Breaking AMD SEV-SNP Integrity via Deterministic Stack-Pointer Manipulation through the CPU's Stack Engine

InstrSem: Automatically and Generically Inferring Semantics of (Undocumented) CPU Instructions

2025

ExfilState: Automated Discovery of Timer-Free Cache Side Channels on ARM CPUs

RISCover: Automatic Discovery of User-exploitable Architectural Security Vulnerabilities in Closed-Source RISC-V CPUs

Rapid Reversing of Non-Linear CPU Cache Slice Functions: Unlocking Physical Address Leakage

ShadowLoad: Injecting State into Hardware Prefetchers

2023

A Rowhammer Reproduction Study Using the Blacksmith Fuzzer

Indirect Meltdown: Building Novel Side-Channel Attacks from Transient Execution Attacks

Reviving Meltdown 3a

Hammulator: Simulate Now – Exploit Later