p.file
Please read the pinned post.

The group has a restriction on links due to spam bots, but you can send them anyway.

@perplex_files
MOLES_Malicious_off-chip_leakage_enabled_by_side-c.pdf
495 KB
Topics: MOLES, Side-Channel Attack, Differential Power Analysis. #hardware #crypto

Malicious Off-Chip Leakage Enabled by Side-Channels (MOLES) is implemented with spread-spectrum techniques to create additional side-channels that can leak information below the noise power level. This makes Trojan detection harder, since only the attacker knows how to extract the information leaked by the side-channels.
#learning #misc

https://sci.hubg.org/

@scihubot

The first pirate website in the world to provide mass and public access to tens of millions of research papers.
image_2021-09-19_13-23-12.png
1.8 MB
Topics: Machine Learning. #roadmap

Machine Learning Roadmap.
Scan Based Attacks.pdf
294.9 KB
Topics: Scan Chain, Scan Based Attacks, JTAG. #hardware #reversing

This paper explains how Scan-based Design-for-Test (DFT) can be used to compromise the security of a microchip and extract the secret keys of a cryptographic algorithm.
Forwarded from FreeBSD
cs631-video-lectures.zip
1.4 GB
Advanced Programming in the UNIX Environment - Complete Course

In this course (CS631) from Stevens Institute of Technology taught by Jan Schaumann, you will learn to develop complex system-level software in the C programming language while gaining an intimate understanding of the Unix operating system and its programming environment.

—Topics covered include the user/kernel interface, fundamental concepts of Unix, user authentication, basic and advanced I/O, filesystems, signals, process relationships, and interprocess communication. Fundamental concepts of software development and maintenance on Unix systems (development and debugging tools such as "make" and "gdb") will also be covered.

—Full course schedule, slides and programs can be found at:
https://stevens.netmeister.org/631/

—Full video series (56) is available on YouTube too:
https://www.youtube.com/watch?v=BsB9Cg6yJc4&list=PL0qfF8MrJ-jxMfirAdxDs9zIiBg2Wug0z&index=1
A_Security_Evaluation_Methodology_for_Smart_Cards_Against_Electromagnetic.pdf
283.4 KB
Topics: Electromagnetic Side-Channel Attack, EM Simulation. #hardware #reversing

Security Evaluation against EM side-channel attack using an EM simulation methodology.

This EM simulation methodology involves current flow simulation, chip layout parasitics extraction, then data processing to simulate direct EM emissions or modulated emissions.
Topics: Exploits, Google Chrome. #exploit #reversing

Chrome in-the-wild bug analysis: CVE-2021-30632.

https://securitylab.github.com/research/in_the_wild_chrome_cve_2021_30632/
Practical C++ Decompilation.pdf
794 KB
Topics: C++ Decompilation. #reversing #cpp

This PDF is useful if you want to understand C++ structures from a low-level perspective; it will also help you when reverse engineering C++ applications.
Project_Zero_Exploiting_the_DRAM_rowhammer_bug_to_gain_kernel_privileges.pdf
2.4 MB
Topics: DRAM Rowhammer. #hardware #hacking

In this article, they use rowhammer to gain kernel privileges. The idea is to mmap() a large block of memory and search for addresses where bits are flipped, then spray the physical memory with page tables in order to make the PTE's physical page number point to their process, and hammer the aggressor addresses.
Flipping_Bits_in_Memory_Without_Accessing_Them_An_experimental_Study.pdf
827.9 KB
The repeated toggling of a row's wordline can disturb nearby cells and make them lose charge. If a cell loses too much charge before it is restored, it experiences a disturbance error. The following code is used to disturb the cells:

code1a:
mov (X), %eax
mov (Y), %ebx
clflush (X) // See Vol 3 11.5.5
clflush (Y)
mfence // Not used in Google's article.
jmp code1a
In this structure, when the access transistor is turned on by applying a voltage on the gate of the access transistor, a voltage representing the data value is placed onto the bitline and charges the storage capacitor. The storage capacitor then retains the stored charge after the access transistor is turned off and the voltage on the wordline is removed. However, the electrical charge stored in the storage capacitor will gradually leak away with the passage of time. To ensure data integrity, the stored data value in the DRAM cell must be periodically read out and written back by the DRAM device in a process known as refresh.

From Memory Systems: Cache, DRAM, Disk.
heic1502a.png
21.3 MB
A little piece of Andromeda's Galaxy