Alex Ionescu
Windows Internals Expert, Speaker, Trainer and Security Researcher.
Alex Ionescu retweeted
offensivecon 3h
We will be giving out 8 free tickets (2 tickets per training) for selected OffensiveCon trainings to members. Windows Internals by , Windows Kernel Rootkits by , Linux Kernel Exploitation by and Browser Exploitation by .
Alex Ionescu 4h
Replying to @hoyty
One at 30hz, two at 60hz
Alex Ionescu 14h
I gave up on LG’s mystery 5K screen after ordering it almost a year ago. I got myself the 32” Dell 8K screen instead. Holy pixels.
Alex Ionescu 14h
Replying to @saxbophone
I felt the same way. I also can’t believe that’s their real name. A true gift to humankind.
Alex Ionescu 14h
Replying to @saxbophone
/permissive- is a good one to use in VS2017 if you are using modern clang on the *X side. But yeah other than that your flags + using /W4 on Windows are a good start that’ll catch most things.
Alex Ionescu 14h
Replying to @saxbophone
Oh man, it’s complicated (I run and work with teams that own millions of shared LOC on multiple platforms) :) the short answer is Godbolt :
Alex Ionescu 14h
Replying to @saxbophone
-Wconversion
Alex Ionescu 15h
Replying to @mamyun
Come on Mehmet, give us a reg key so we can enable this on RS5 :-)
Alex Ionescu 15h
I think I first heard about this from (sorry if I misattributed). The fact you can JIT x86 at faster than native speeds due to the insanity of AVX512 is awesome. So glad to finally see it public/nearly finished.
Alex Ionescu 15h
Build something like Playgrounds / Bret Victor’s coding UX
Alex Ionescu 18h
Replying to @gsuberland @aall86
Yeah, the bluehat slides from describe the incredible software work that went into mitigating this efficiently, especially on Windows (code signing requirements, relocations etc). I think he’ll post them soon.
Alex Ionescu 18h
Replying to @aionescu
Here's a screenshot of SpecuCheck on an AMD Ryzen processor (RS5) vs. an Intel processor with IBRS and Retpoline (19H1). Notice the lack of BPB flushing on kernel->user transitions.
Alex Ionescu 18h
tl;dr: if you don’t have patched Intel microcode with IBRS support, or if you’re on AMD Zen processors, Windows won’t fully mitigate against Spectre v2 until 19H1, even though RS5 has everything needed to activate this.
Alex Ionescu 18h
Replying to @aionescu
I really think every effort should be made to back port this to the current OS release -- it seems silly to hold this back when RS5 shipped with much riskier changes. Non-IBRS machines out there are basically sitting ducks :( 6/
Alex Ionescu 18h
Replying to @aionescu
Given that this was already presented at BlueHat and works just fine on 19H1, why is Microsoft waiting an extra 6 months before releasing it? I took a look at the RS5 binaries and the appropriate PE sections are already present! 5/
Alex Ionescu 18h
Replying to @aionescu
Retpoline is enabled even on systems that only have IBPB, meaning that these systems are finally protected against Spectre v2 even on kernel->user transitions vs. the current state of affairs (where there's no protection). IBRS systems meanwhile will see a perf boost. 4/
Alex Ionescu 18h
Replying to @aall86
On my Windows 19H1 system, I noticed that now the "Retpoline Kernel" is enabled, which was described by 's great talk at BlueHat v18. I ran a filesystem benchmark on my Surface Pro 4 and noticed a big improvement in transfer speeds, especially at smaller block sizes. 3/
Alex Ionescu 18h
Replying to @aionescu
This is likely due to the fact that IBPB (the other mitigation) is 2-3x slower than IBRS, so the performance hit would make many common user scenarios unpalatable, and would be even worse on server scenarios. 2/
Alex Ionescu 18h
Wow, fixing SpecuCheck made me realize an interesting reality about the Spectre V2 mitigations on Windows. On systems without IBRS, Windows won't flush the BPB on kernel->user transitions. This opens up a potential security issue for CPUs without microcode that implements IBRS 1/
Alex Ionescu Oct 16
Replying to @0xAlexei
Look into TTD :) no breakpoints...