📰 Fabian Thomas

📄 Article InstrSem: Automatically and Generically Inferring Semantics of (Undocumented) CPU Instructions

📄 Article StackWarp: Breaking AMD SEV-SNP Integrity via Deterministic Stack-Pointer Manipulation through the CPU's Stack Engine

📄 Article RISCy Cache Coherence: Timer-Free Architectural Cache Attacks via Instruction/Data Cache Incoherence

📄 Article CVE-2025-54505

📄 Article TREVEX: A Black-Box Detection Framework For Data-Flow Transient Execution Vulnerabilities

📄 Article No Time To Leak: Exposing Timer-Free Cache-State Leaks on ARM CPUs

📄 Article How Secure Are Commercial RISC-V CPUs?

📄 Article CVE-2025-29943

📄 Article No Clock, No Problem: Discovering Timer-Free Cache-State Side Channels

📄 Article When Timers Fail: Discovering Hidden Cache State Leaks on ARM CPUs

📄 Article ExfilState: Automated Discovery of Timer-Free Cache Side Channels on ARM CPUs

📄 Article RISCover: Automatic Discovery of User-exploitable Architectural Security Vulnerabilities in Closed-Source RISC-V CPUs

📄 Article Rapid Reversing of Non-Linear CPU Cache Slice Functions: Unlocking Physical Address Leakage

📄 Article ShadowLoad: Injecting State into Hardware Prefetchers

📄 Article From Rowhammer to GhostWrite: Advanced Exploitation and Discovery of Hardware Bugs

📄 Article CVE-2024-44067

📄 Article Arbitrary Data Manipulation and Leakage with CPU Zero-Day Bugs on RISC-V

📄 Article A Rowhammer Reproduction Study Using the Blacksmith Fuzzer

📄 Article Indirect Meltdown: Building Novel Side-Channel Attacks from Transient Execution Attacks

📄 Article Reviving Meltdown 3a

📄 Article Building a Power-Efficient Home Server

Like so many tech people out there, I run a home server since around 2020, on which I have a couple of services running. These most notably include syncthing for file synchronization, nightly backups with restic, and forgejo for git projects with LFS support. I kept that server running at my parent’…

📄 Article Hammulator: Simulate Now – Exploit Later

📄 Article About

Technical Details I’m a proponent of the old web, where simple HTML sites were linked via hyperlinks. Todays web landscape heavily makes use of client side code execution (java script). While I like the possibilities that this gives a site owner, I think there is too much java script used in todays …

📄 Article Contact

My mail: fabian [at] fabianthomas.de Find my GPG public key here. Fingerprint: EF3B 2A99 4ED4 593A 7C5B 8458 0488 0B90 0F37 A933 While I don’t like it, I decided to not include a mailto link on this page. That is, because I was told that it drastically reduces spam mails, because crawlers are only f…

📄 Article Imprint

Address: Fabian Thomas c/o CISPA – Helmholtz-Zentrum für Informationssicherheit gGmbH Stuhlsatzenhaus 5 66123 Saarbrücken (Germany) E-Mail: fabian.thomas [at] cispa.de Phone: +49 681 87083 2495 For more detailed contact information check this page.

📄 Article Privacy Policy

As I explain on the about page, I try to minimize tracking and complexity. For that reason I use as little JavaScript, cookies, etc. as possible. Further, the goal is to not load or send any information from or to any third party host. If you find any violation of my own rules, please drop me an E-M…