Security research

Branch Predictors - ASLR

This is a practical implementation in C that demonstrates the BTB (Branch Target Buffer) technique against ASLR while observing L2 cache behavior. Using a flush + reload approach, it reveals cache-based side channels and the effects of speculative execution.

Practical Implementation

AVX-Based Timing Side Channel

This project demonstrates ASLR detection on Linux x86_64 systems using AVX2 instructions and RDTSCP timing. It measures memory access times to infer whether ASLR (Address Space Layout Randomization) is active. Fast access indicates ASLR is not present, while slow access or a SIGSEGV signal indicates ASLR is active.

Practical Implementation

Blind Return Oriented Programming

This project demonstrates a basic BROP (Blind Return Oriented Programming) technique to differentiate between correct and incorrect return addresses. It scans a range of memory addresses, overwrites a return address in a simulated stack, and uses SIGSEGV/SIGILL signal handlers to safely skip invalid addresses. Signal handling, stack offset simulation, and address scanning allow verification of valid gadgets in Linux x86_64 environments.

Practical Implementation

ReaperSnap

ReaperSnap is a single-function, inline-assembly debugging helper for x86_64 Linux. By calling reaperSnap("<label>") before and after an inline assembly block, it captures a detailed snapshot of the process environment and CPU state, including system info, memory ranges, registers, SIMD/XMM/YMM values, CPUID details, and segment registers. All output is formatted for readability in ANSI-colored tables.

Practical Implementation