pwn.college - Microarchitecture Exploitation - DCTLV2025
Name of Training: Microarchitecture Exploitation
Trainer(s): Yan Shoshitaishvili, Connor Nelson, Robert Wasinger, Adam Doupé
Dates: August 11-12, 2025
Time: 8:00 am to 5:00 pm PT
Venue: Las Vegas Convention Center
Cost: $2000
Course Description:
Course Outline:
-
Microarchitectural Foundations
- Architecture vs. microarchitecture, pipeline overview
- Memory hierarchy: L1/L2/L3 caches, cache lines, coherence
-
Cache Fundamentals & Timing Primitives
- Cache hits/misses, eviction, replacement policies
- High-resolution timers, rdtsc, fencing instructions
-
Cache-Based Side-Channels
- Flush + Reload mechanics
- Evict + Time and Prime + Probe variants
-
Speculative Execution & Transient Instructions
- Out-of-order pipelines, reservation stations, reorder buffers
- Fencing, serialization, and speculation barriers
-
Branch Prediction Internals
- Local/global history tables, perceptrons, indirect-branch predictors
- Poisoning and mistraining strategies
-
Spectre Variant 1 (Conditional Misprediction)
- Gadget hunting, bounds-check bypass pattern
- Exploit orchestration and noise reduction techniques
-
Spectre Variant 2 (Indirect Branch Target Injection)
- RSB/BPB internals, trampoline gadgets
- Kernel vs. user-space attack surfaces
-
Meltdown (Fault-Driven Transient Reads)
- Permission checks, page-fault racing, exception suppression
- Translating kernel addresses to physical leaks
-
Mitigations & Defenses
- KPTI, retpolines, lfence hardening, cache partitioning
- Hardware fixes and their performance costs
-
Attack Engineering & Automation
- Reliable measurement pipelines, statistical filtering
- Ethics, disclosure, and real-world case studies
Difficulty Level:
Intermediate. Designed for students who already feel comfortable reading x86-64 assembly, writing C, using GDB, and working in a Linux shell. No prior hardware-security background is assumed.
Suggested Prerequisites:
- Working knowledge of C or C++.
- Ability to read and write basic x86-64 assembly.
- Prior experience with classic memory-corruption or binary-exploitation techniques is helpful but not required.
What Students Should Bring:
- A laptop with a modern web browser that can connect to the Internet. All labs will be available in a browser-based environment, so no additional software installation is required.
- It may be helpful to create a free account on https://pwn.college before the training, and get some quick familiarity with the platform at https://pwn.college/welcome, but this is not required.
- A willingness to learn and experiment with new concepts.
Trainer(s) Bio:
Zardus (Yan Shoshitaishvili, PhD)
Zardus has been part of the DEF CON community since DEF CON 9 (2001) and part of the Shellphish CTF team since DEF CON 17 (2009). He ran DEF CON CTF for four years (2018-2021) with Order of the Overflow, and successfully captained Shellphish through the participation in the DARPA Cyber Grand Challenge, in which they won third place and a spot in history (but not in the Smithsonian). Now he is an Associate Professor of Computer Science at Arizona State University and co-founder of pwn.college, where he has taught tens of thousands of students how to hack.
kanak (Connor Nelson, PhD)
Connor is a DEF CON veteran and has been part of the DEF CON CTF community since 2015. He has been a member of the Shellphish CTF team since 2018, and has competed in numerous CTFs around the world. He is the chief architect and co-founder of pwn.college, where he has helped design and deliver education to tens of thousands of students. His research primarily focuses on the intersection between CTF and education, and he has published several papers on the topic.
robwaz (Robert Wasinger)
Robert is the Principal Microarchitecture Curriculum Developer at pwn.college, where he leads the creation, maintenance, and delivery of advanced educational content on microarchitecture exploitation, among numerous other cybersecurity topics. Known for his engaging lectures on YouTube and Twitch, Robert famously insists that the man page is always the ultimate source of truth, firmly believing that no question lies beyond the reach of man. When not meticulously dissecting exploits, you'll likely find him helping students with their toughest questions on the pwn.college Discord server.
adamd (Adam Doupé, PhD)
Adam is equal parts hacker and educator, seamlessly blending exploits and insights. With deep roots in DEF CON culture, he ran the renowned DEF CON CTF with Order of the Overflow from 2018 to 2021, after competing in several editions with Shellphish. As Director of Arizona State University's Center for Cybersecurity & Trusted Foundations (CTF), he unearths vulnerabilities—including multiple CVEs in Apple's core OS—and transforms complex security topics into digestible, engaging lessons. Winner of the NSF CAREER Award and the ASU Fulton Best Teacher Award, he brings an infectious enthusiasm to cybersecurity education that resonates with both seasoned hackers and new learners alike.
Registration Terms and Conditions:
Trainings are refundable before July 8, 2025, minus a non-refundable processing fee of $250.
Trainings are non-refundable after July 8, 2025.
Training tickets may be transferred. Please email us at training@defcon.org for specifics.
If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).
Failure to attend the training without prior written notification, will be considered a no-show. No refund will be given.
By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.
Several breaks will be included throughout the day. Please note that food is not included.
All courses come with a certificate of completion, contingent upon attendance at all course sessions.
Training Justification Request – DEF CON Training
To: [Manager Name]
From: [Employee Name]
Date: [Date]
Subject: Business Justification for Attendance at DEF CON Training
Dear [manager’s name],
I am requesting approval to attend DEF CON Training, one of the cybersecurity industry's most recognized technical training programs. I’ve reviewed the options and selected a course to expand my skills with [1-2 key skills focus areas for the course].
DEF CON has been one of the world’s leading cybersecurity communities for more than three decades, known for convening industry, government, and independent experts to exchange advanced knowledge and practical skills. Building on this tradition, DEF CON Training delivers intensive courses taught by recognized global instructors. DEF CON Training courses offer hands-on instruction in a challenging, fast-paced environment. Many of the courses offered by DEF CON Training align with the National Institute of Standards and Technology (NIST) NICE Framework and Department of Defense Cyber Workforce Framework (DCWF), and attending this course will help me build and sharpen the skills required for my role.
Training: [Name of DEF CON Training Course]
Instructor/Provider: [Trainer Name(s)]
Dates: [Training Dates]
Location: Las Vegas, NV
Cost: [Course Fee]
Travel Expenses: [estimated travel & accommodations costs]
Course Description: [Copy short description of the selected class from the website here]
Trainer Bio: [Copy bio of the trainers of the selected class from the website here]
Once I’ve completed the course, I’ll be able to:
[copy student outcomes from course page where available or choose 3-4 skills or topic areas from the outline that are applicable to your current role, will help you fill a skill gap, etc.]
Business Need
As cyber threats continue to evolve, it is critical that our organization maintains current knowledge of emerging techniques and industry best practices. The selected DEF CON training aligns directly with my responsibilities in [your role/field here - for example, security operations, incident response, threat detection and hunting, application security, cloud security, risk management, security engineering].
The course will provide practical, hands-on experience that can be immediately applied to our environment and security initiatives. DEF CON training emphasizes real-world attack and defense scenarios, enabling participants to develop skills that extend beyond traditional classroom learning.
Request for Approval
I respectfully request approval and funding to attend DEF CON Training this August in Las Vegas. The knowledge, hands-on experience, and industry insights gained will directly support our cybersecurity objectives and contribute to strengthening our organization's security capabilities.
Thank you for your consideration. Please let me know if you have questions or need additional information to support this request.
Sincerely,
[Employee name]