Étienne Hourdebaigt
ehourdebaigt.net
Organizer @nsec.io, Hacker, CTFs, Privacy, Research, Social Tech, Serial Expat 🗺️🧭
💰 Google VRP paid $150K for this vulnerability: their highest cloud bounty ever!

The researchers showed how you can combine two primitives and how to make it work in a real cloud setup with a huge amount of noise.

While this applies to old CPUs, it is a major concern for public clouds!
October 2, 2025 at 8:03 PM
A malicious VM uses a "half-Spectre" gadget in the hypervisor to load sensitive data into L1 cache → L1TF on a sibling core leaks it → TLS keys stolen in ~15 hours (even with cache flushing/core scheduling).

A good read to learn more about L1TF aka Foreshadow vuln: www.redhat.com/en/blog/unde...
Understanding L1 Terminal Fault aka Foreshadow: What you need to know
L1 Terminal Fault/Foreshadow explained in ~three minutes. For a more detailed technical view of L1 Terminal Fault, please see this deeper dive with Jon Masters. How we got here: a brief history of modern...
www.redhat.com
October 2, 2025 at 8:03 PM