@gruss.cc
Aka @lavados #InfoSec University Professor @ #TUGraz. #meltdown, #spectre, #rowhammer, cache attacks, sustainable security. Produced a side channel security sitcom. https://gruss.cc https://x.com/lavados https://infosec.exchange/@lavados
I'm looking forward to presenting my paper, "Continuous User Behavior Monitoring using DNS Cache Timing Attacks" at NDSS next week!
We mount an Evict+Reload-style attack on the local DNS cache, detecting recently accessed domains and evicting to continuously monitor new accesses.
I'm excited to announce that my first first-author paper is accepted at NDSS 2026 π₯³.
Eviction Notice: Reviving and Advancing Page Cache Attacks
Check it out at: snee.la/posts/evicti...
@snee.la, @notimaginary.bsky.social, Lukas Maar, @gruss.cc
from @isec-tugraz.bsky.social, @tugraz.bsky.social
Today we reveal StackWarp: a new CPU vulnerability exploiting a synchronization bug in AMDβs stack engine across Zen 1β5 CPUs. It enables deterministic manipulation of Confidential VM's stack pointer, allowing RCE and privilege escalation via both control- and data-flow hijacking.
I just registered for uasc.cc -- uASC (the Microarchitecture Security Conference) is on February 3rd, in Leuven, Belgium.
**Registration is free but mandatory!**
I would be happy to see all of you there :)
Especially from the Cologne and Ruhr area, it's just a train ride to Leuven -> join us!
I'll arrive at the #39c3 tomorrow evening, see you there!
DIMVA is looking for PC nominations! Feel free to nominate yourself or your peers! π―
[mark your calendar] DIMVA 2026 will be held in Chania, Greece, July 1 - 3, 2026 ποΈπ
Daniele Cono D'Elia and I look forward to your submissions!π₯³
Later in the morning, Jo van Bulck gave an insightful talk about attacking and defending Trusted Execution Environments (TEEs) and the evolution of confidential computing.
#GSW25 #TEE
Thursday evening, @gruss.cc hosted a city tour, showing off the best spots in the inner city, climbing the "Schlossberg," and surprising first-time visitors and locals alike with many fun facts!
#GSW25 #Graz
This morning, David Oswald started our last day at GSW with his talk "Breaching the Gates: Uncovering Hardware Weaknesses in Confidential Computing", giving an overview of power side-channels and fault attacks in confidential computing scenario.
#GSW25 #sidechannels
In our second morning session, Stefan Mangard and @gruss.cc spoke about side-channel attacks in various settings - from phones to computers to networks - showing that side channels really are everywhere.
#GSW25 #SideChannels
Social Event Part 1: Trip to the @zotterchocolates.bsky.social chocolate factory! We tasted our way through the factory with over 40 chocolate stations, experiencing the whole production process from the cocoa bean to the delicious end product! ππ«
#GSW25 #chocolate
Social Event Part 2: Our culinary adventure continues! For dinner we went to a traditional Styrian "Buschenschank", a restaurant serving cold spreads made of local foods and their own wine and juices. π
#GSW25 #buschenschank
For our first session today, Fabio Pierazzi talked about trends and challenges in AI for systems security. What an exciting start to Day 2 of GSW'25!
#GSW25 #AI #SystemSecurity
In our second session, Christian Rossow shared an overview of CFI techniques and developments and showed which areas still need further research to improve the guarantees CFI can provide and the compatibility with language constructs.
#GSW25 #CFI #Cybersecurity
A room full of people doing CTF challenges
The winners of the CTF
Tech support by LosFuzzys
Thumbs up!
This afternoon, our student team LosFuzzys hosted the Graz Security Week CTF! To keep the spirits high and minds sharp, we provided some pizza. β¨π
Congratulations to all winners! π₯³
1st place: "Computerclub St. PΓΆlten (not)"
2nd place: "Zotter Fanclub"
3rd place: "Polund"
#GSW25 #CTF
In the afternoon, we continued with "Advanced Branch Target Injection Attacks" by Kaveh Razavi: An awesome talk about how branch target injection aka spectre v2 attacks evolved since 2018!
#GSW25 #spectre
Our last session of the day: The PhD Forumβhere our participants got the chance to share their research in short 5-min presentations!Β
Hopefully, this will help them to get connected with others working on similar topics and spark some interesting discussions this week!
#GSW25 #PhD #research
Here we go!
Graz Security Week is starting any minute now! π₯³
Welcome to Graz!
We wish you a great week. π
We're kicking-off our summer school Graz Security Week with a short introduction and our first talk by Maria Eichlseder about Lightweight Cryptography and its challenges.
#GSW25 #lightweight #cryptography
Congrats!
Congratulations Dr. @giner.cc! It was great to have you in our team and I am proud of you that you have completed this journey with an excellent PhD thesis. Your works will have lasting impact on the community and I wish you the best for your next endeavors!
π Congratulations to @notimaginary.bsky.social! π
This week, he defended his PhD thesis βAttacking and Securing Leaky Systems at the Hardware-Software Boundary.β!
Weβre so excited for you and wish you all the best for the future!π
Check out the thesis here π
www.jonasjuffinger.com/phd-thesis.pdf
Congratulations Dr. @notimaginary.bsky.social! Was a pleasure to take part in your journey and I am really proud of you! Outstanding thesis and defense - you absolutely deserve the PhD! All the best for your future!
You can all check out Jonas' PhD thesis here: www.jonasjuffinger.com/phd-thesis.pdf
If you're looking for something to do before or after #dimva25 in #graz, maybe hike up the SchΓΆckl (1445m) www.bergfex.at/sommer/steie...
uASC 2026 will take place on February 3, 2026, in Leuven, Belgium, hosted by KU Leuven. We can't wait to see you next year!
Cycle 1 Paper Submission Deadline is July 15, 2025!
π uasc.cc #uasc26
Only one month left to submit your paper for the first submission cycle at uASC 2026!
π
Submission Deadline: July 15, 2025
π uasc.cc
#microarchitecture #security #conference #uasc26
Join the Graz Security Week from Sep 1 to 5! with @sahar-abdelnabi.bsky.social, Jo Van Bulck, Maria Eichlseder, Georg Fuchsbauer, @sublevado.bsky.social, @fbpierazzi.bsky.social, Kaveh Razavi, Christian Rossow, Yang Zhang securityweek.at (system security, side channels, AI security, & cryptography)
I am happy to announce that my first paper has been accepted at USENIX Security!
We propose TEEcorrelate, a mitigation that statistically decorrelates reported performance counters from real ones during TEE execution.
Congrats!
