The Discovery of Zenbleed ft. Tavis Ormandy

Channel:
Subscribers: 921,000
Video Link: https://www.youtube.com/watch?v=neWc0H1k2Lc



Duration: 19:43
63,268 views
3,887


How did Tavis Ormandy fuzz CPUs to discover Zenbleed? In this video we learn about the techniques to make this work!

Watch part 2: https://www.youtube.com/watch?v=9EY_9KtxyPg

buy my font (advertisement): https://shop.liveoverflow.com/

This video is sponsored by Google: https://security.googleblog.com/2023/08/downfall-and-zenbleed-googlers-helping.html

Original Zenbleed Writeup: https://lock.cmpxchg8b.com/zenbleed.html

AMD Security Bulletin: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html
Tavis Ormandy: https://twitter.com/taviso
Sudoedit Exploit Series: https://www.youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx
Documented Intel Performance Counters: https://perfmon-events.intel.com/skylake_server.html
RIDL Video: https://www.youtube.com/watch?v=x_R1DeZxGc0

Chapters:
00:00 - Intro
01:22 - Zenbleed Proof of Concept
03:06 - Tavis Ormandy
04:18 - How Fuzzing Works
06:31 - CPU Performance Counters
11:06 - Detect Bugs with "Oracle Serialization"
15:09 - Fuzzing and Discovering Zenbleed
18:46 - Outro

=[ ❤️ Support ]=

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

2nd Channel: https://www.youtube.com/LiveUnderflow

=[ 🐕 Social ]=

→ Twitter: https://twitter.com/LiveOverflow/
→ Streaming: https://twitch.tv/LiveOverflow/
→ TikTok: https://www.tiktok.com/@liveoverflow_
→ Instagram: https://instagram.com/LiveOverflow/
→ Blog: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/







Tags:
Live Overflow
liveoverflow
hacking tutorial
how to hack
exploit tutorial
zenbleed
CVE-2023-20593
amd ryzen
zen2
zen-2
fuzzing cpu
tavis ormandy
zen bleed
speculative execution
ridl
spectre
meltdown
cpu bug
microarchitecture
mds
data sampling
side-channel
side channel
hacker interview
tavis
ormandy
google
micro code
assembly
transient
out of order
fuzzer
feedback
coverage guided fuzzing
performance counters