---
tags: linux2019
---

# Spectre attack analysis

## Goal

> Task: Following the analysis approach of [linux-kernel-exploits](https://github.com/SecWiki/linux-kernel-exploits), implement a Speculative Execution Attack PoC
>
> Reference: [SpectrePoC](https://github.com/crozone/SpectrePoC)

## Side-channel attack analysis

https://hackmd.io/@HexRabbit/r1NsvMQIN

## Application of side-channel attacks

https://hackmd.io/@leixx/ByeH5AVC4

## Cross-process attack PoC

:::info
Still working on it.
:::

## Reference PoC

* [crozone/SpectrePoC](https://github.com/crozone/SpectrePoC)
    > PoC from [Spectre paper](https://spectreattack.com/spectre.pdf)
* [lsds/spectre-attack-sgx](https://github.com/lsds/spectre-attack-sgx)
    > Spectre-like attack against [Intel SGX](https://software.intel.com/en-us/sgx) enclave
* [mniip/spectre-meltdown-poc](https://github.com/mniip/spectre-meltdown-poc)
    > Another PoC, but it needs `sys_call_table` as a parameter to execute
* [opsxcq/exploit-cve-2017-5715](https://github.com/opsxcq/exploit-cve-2017-5715)
    > Another PoC
* [Spectre CPU Vulnerability Online Checker by Tencent's Xuanwu Lab](https://xlab.tencent.com/special/spectre/spectre_check.html)
    > JavaScript Spectre Checker
* [tbodt/spectre](https://github.com/tbodt/spectre)
    > Spectre Cross-Process Read Demo
* [cryptax/spectre-armv7](https://github.com/cryptax/spectre-armv7)
    > Spectre PoC on ARMv7-based Android Devices
* [gregvish/meltdownpoc](https://github.com/gregvish/meltdownpoc)
    > A PoC combining Branch Target Injection (Spectre variant 2) and Meltdown
* [Hackndo/spectre-poc](https://github.com/Hackndo/spectre-poc)
    > Detailed Spectre PoC

## Reference

* [speed47/spectre-meltdown-checker](https://github.com/speed47/spectre-meltdown-checker)
* [Foreshadow: Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution](https://foreshadowattack.eu)