HW-SPECTRECredential Access

Spectre / Meltdown-class Side-Channel

Speculative execution leaks kernel / cross-process memory via cache-side-channels — useful in cloud (cross-tenant) and browser (cross-origin).

§ Where this technique fits

HW-SPECTRE is catalogued under the Credential Access tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 3 on average.

§ Dossiers chaining this technique

Spectre-class side-channel → cross-tenant memory leak
Pre-mitigation cloud VM lets a co-tenant trigger speculative loads from kernel / sibling-VM memory. Cache-side-channel measurements recover sensitive data, including TLS keys + cloud creds.
step 3 / 6

§ What commonly comes next

01
Cache Timing Attack (FLUSH+RELOAD / PRIME+PROBE)
HW-CACHE-TIMING · Credential Access
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

Spectre-class side-channel → cross-tenant memory leak

§ What commonly comes next