Can we detect Speculative Blind-ROP attacks? #13
Description
Is your feature request related to a problem? Please describe.
A new paper to read and study: https://www.vusec.net/projects/blindside/
This attack does not create system crashes. Now since Zerotect already only looks at userspace crashes detected by the kernel, this tool has zero visibility into the kernel itself crashing. But if this attack IS made, what side-effects are visible to zerotect that it can look for?
Describe the solution you'd like
Ideally Zerotect detects a speculative blind rop when it is conducted.