When you Accidentally Compromise every CPU on Earth

Try CodeCrafters today with 40% off! 👉 https://app.codecrafters.io/join?via=daniel-boctor

In this video, we take a deep dive into Spectre and Meltdown, two of the most dangerous and widespread transient execution CPU vulnerabilities, discovered by researchers at Google Project Zero. These vulnerabilities allow a rogue process to read from unauthorized memory on nearly every device in the world. What makes these bugs particularly dangerous is that they don't behave like any software bug we've seen before, as they don't rely on exploiting any fundamental weakness or flaws in any code. These vulnerabilities are baked into the very essence of modern CPU technology, attacking underlying CPU micro-architectures.

JOIN THE DISCORD! 👉 https://discord.gg/WYqqp7DXbm

0:00 – Pizza Index
1:15 - Side Channels
2:05 – Spectre Overview
7:04 – Speculative Execution
10:50 - Exploit


Official Source:
https://meltdownattack.com/

Official CERT report:
https://web.archive.org/web/20180104032628/http://www.kb.cert.org/vuls/id/584653

Pizza meter:
https://en.wikipedia.org/wiki/The_Pizza_Meter

Google Project Zero blog post:
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html


A few additional videos that helped me:
https://www.youtube.com/watch?v=mgAN4w7LH2o (special thanks to Ymir Vigfusson's awesome video! This video was an inspiration to me, and one of the best spectre explanations on YouTube)
https://www.youtube.com/watch?v=I5mRwzVvFGE
https://www.youtube.com/watch?v=Njgoed0lv0A
https://www.youtube.com/watch?v=ekBV2AdUc5g
https://www.youtube.com/watch?v=IPhvL3A-e6E


MUSIC CREDITS:
LEMMiNO - Cipher
https://www.youtube.com/watch?v=b0q5PR1xpA0
CC BY-SA 4.0

LEMMiNO - Firecracker
https://www.youtube.com/watch?v=ulfoU2MziOc
CC BY-SA 4.0

LEMMiNO - Nocturnal
https://www.youtube.com/watch?v=epmoV2HRs9U
CC BY-SA 4.0

LEMMiNO - Siberian
https://www.youtube.com/watch?v=5py6E6yo7wk
CC BY-SA 4.0

LEMMiNO - Encounters
https://www.youtube.com/watch?v=xdwWCl_5x2s
CC BY-SA 4.0


#programming #software #softwareengineering #computerscience #code #programminglanguage #softwaredevelopment #hacking #hack #cybersecurity #exploit #tracking #softwareengineer #vulnerability #pentesting #privacy #spyware #malware #cyber #cyberattack #ethicalhacking #encoding #lowlevelsecurity #zeroday #security #cybersecurity #breaches #databreaches #bug #bugbounty #pentesting #penetrationtesting #backdoor #javascript #hacked #spectre #CPU #intel #AMD #meltdown #assembly #ARM #semiconductor #computerengineering#cybersecurity programming #software #softwareengineering #computerscience #code #programminglanguage #softwaredevelopment #hacking #hack #cybersecurity #exploit #tracking #softwareengineer #vulnerability #pentesting #privacy #spyware #malware #cyber #cyberattack #ethicalhacking #encoding #lowlevelsecurity #zeroday #security #cybersecurity #breaches #databreaches #bug #bugbounty #pentesting #penetrationtesting #backdoor #javascript #hacked #spectre #CPU #intel #AMD #meltdown #assembly #ARM #semiconductor #computerengineering