In-Spectre-Meltdown: a PoC for Meltdown and Spectre vulnerabilities

In-Spectre-Meltdown is a PoC developed by Viral Maniar using Python and Powershell to check speculative execution side-channel attacks that affect many modern processors and operating systems designs that allows unprivileged processes to steal secrets from privileged processes.

This tool is based on this paper from Microsoft and presents 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn’t be able to.

image

Usage

  • Run the python code or download the executable from the releases section and run it as an administrator user.
  • Press Number 1, 2, 3 & 4 in sequence to see the results.
  • Press 1: Sets the execution policy to unrestricted.
  • Press 2: Imports necessary PowerShell modules
  • Press 3: Installs Spectre related modules within PowerShell
  • Press 4: Inspects control settings for Spectre & Meltdown and displays result
  • Press 5: Exit from the program

References

 

Comments