About Me

I am a security researcher with a focus on microarchitectural attacks. I have obtained my PhD entitled "Exploiting Microarchitectural Optimizations from Software" in August 2021 at Graz University of Technology. I am the founder of pwmt.org, an open-source community creating functional and simplistic applications and libraries. I am interested in microarchitectural side-channel attacks and apiculture.

If you have any questions or just want to get in touch, feel free to contact me!

Publications

Presentations

  • 2023
  • Transient Execution Attacks

    Moritz Lipp, Michael Schwarz, Daniel Gruss

    IT-Defense 2023, Mainz, Germany, February 08, 2023

  • 2022
  • CPU Fuzzing Automatic Discovery of Microarchitectural Attacks

    Daniel Weber, Moritz Lipp

    Black Hat MEA, Riyadh, Saudi Arabia, November 16, 2022

  • Exploiting Microarchitectural Optimizations from Software

    Moritz Lipp

    GI-Dissertationspreis 2021 Finalists, Dagstuhl, Germany, May 25, 2022

  • Exploiting Microarchitectural Optimizations from Software

    Moritz Lipp

    Heinz Zemanek Preis 2022 Finalists, Vienna, Austria, May 18, 2022

  • 2021
  • Platypus Power Side Channels in Software

    Moritz Lipp, Daniel Gruss

    Red Hat Research Days, Online, June 23, 2021

  • 2020
  • Attacking CPUs with Power Side Channels from Software Warum leaked hier Strom?

    Moritz Lipp, Michael Schwarz, Andreas Kogler, Daniel Gruss

    rC3, Online, December 28, 2020

  • LVI Hijacking Transient Execution through Microarchitectural Load Value Injection

    Jo van Bulck, Michael Schwarz, Moritz Lipp, Daniel Gruss

    rC3, Online, December 27, 2020

  • ZombieLoad Leaking Data on Intel CPUs

    Michael Schwarz, Moritz Lipp

    BlackHat Asia, Marina Bay Sands, Singapore, April 02, 2020

  • 2019
  • ZombieLoad Attack

    Michael Schwarz, Moritz Lipp, Daniel Gruss

    36th Chaos Communication Congress (36C3), Leipzig, Germany, December 28, 2019

  • Transient Execution Attacks Exploiting the CPU's Microarchitecture

    Michael Schwarz, Moritz Lipp

    Guest Talk @ Worcester Polytechnic Institute, Worcester, Massachusetts, United States, October 07, 2019

  • Secure Enclaves als Angriffsvektor

    Daniel Gruss, Moritz Lipp, Michael Schwarz

    IKT-Sicherheitskonferenz, Fürstenfeld, Austria, October 01, 2019

  • Meltdown, Spectre, Zombie-Load Wie Hardware-Fehler die Systemsicherheit gefährden

    Daniel Gruss, Moritz Lipp, Michael Schwarz

    IKT-Sicherheitskonferenz, Fürstenfeld, Austria, October 01, 2019

  • Ghosts in a Nutshell

    Claudio Canella, Moritz Lipp

    Black Hat Asia, Marina Bay Sands, Singapore, March 28, 2019

  • 2018
  • A Christmas Carol The Spectres of the Past, Present, and Future

    Moritz Lipp, Michael Schwarz, Daniel Gruss, Claudio Canella

    35th Chaos Communication Congress (35C3), Leipzig, Germany, December 28, 2018

  • Mikroarchitekturangriffe Wenn der Prozessor Geheimnisse verrät

    Moritz Lipp

    19. Jahresforum SecurITy, Vienna, Austria, October 23, 2018

  • Meltdown Basics, Details, Consequences

    Daniel Gruss, Michael Schwarz, Moritz Lipp

    Black Hat USA, Mandalay Bays, Las Vegas, USA, August 04, 2018

  • Another Flip in the Row

    Daniel Gruss, Michael Schwarz, Moritz Lipp

    Black Hat USA, Mandalay Bays, Las Vegas, USA, August 04, 2018

  • Fehlerfreie Software und trotzdem unsicher? Eine Einführung in die Mikroarchitekturangriffe anhand von Meltdown, Spectre, und Rowhammer

    Daniel Gruss, Moritz Lipp, Michael Schwarz

    Monat der freien Bildung, Graz, Austria, May 25, 2018

  • Meltdown and Spectre Side-channels considered hARMful

    Moritz Lipp, Michael Schwarz

    Qualcomm Mobile Security Summit, San Diego, CA, USA, May 16, 2018

  • When Good Turns Evil Using Intel SGX to Stealthily Steal Bitcoins

    Michael Schwarz, Moritz Lipp

    Black Hat Asia, Marina Bay Sands, Singapore, March 20, 2018

  • Breaking through walls How performance optimisations shatter security boundaries

    Moritz Lipp

    QCon London, London, United Kingdom, March 05, 2018

  • Rowhammer From the Basics to Sophisticated New Variants

    Moritz Lipp, Michael Schwarz

    Qualcomm, San Diego, CA, USA, February 21, 2018

  • Spectre and Meltdown on x86 and ARM

    Michael Schwarz, Moritz Lipp, Stefan Mangard

    NXP, Gratkorn, Austria, February 15, 2018

  • Spectre and Meltdown in a nutshell

    Moritz Lipp

    Vienna Cyber Security Week 2018, Vienna, Austria, February 01, 2018

  • Microarchitectural Attacks and Defenses in JavaScript

    Michael Schwarz, Daniel Gruss, Moritz Lipp

    Guest Talk @ Google, Munich, Germany, January 25, 2018

  • Beyond Belief Spectre and Meltdown

    Daniel Gruss, Moritz Lipp, Michael Schwarz

    Microsoft BlueHat IL 2018, Tel Aviv, Israel, January 24, 2018

  • 2017
  • How processor performance is tied to side-channel leakage With great speed comes great leakage

    Daniel Gruss, Moritz Lipp

    Qualcomm Mobile Security Summit 2017, San Diego, CA, USA, May 18, 2017

  • 2016
  • What could possibly go wrong with <insert x86 instruction here>?

    Clémentine Maurice, Moritz Lipp

    33rd Chaos Communication Congress (33C3), Hamburg, Germany, December 31, 2016

  • Moritz Lipp, Clémentine Maurice

    Black Hat Europe 2016, London, UK, November 30, 2016

Awards

  • 2022
  • SIGSAC Doctoral Dissertation Award Runners-Up

    Moritz Lipp

    ACM CCS 2022, Los Angeles, USA

  • GI-Dissertation Award 2021 Best PhD thesis in computer science in german-speaking countries

    Moritz Lipp

    INFORMATIK2022, Hamburg, Germany

  • Pwnie Award Pwnie for Best Desktop Bug

    Pietro Borrello, Andreas Kogler, Martin Schwarzl, Moritz Lipp, Daniel Gruss, Michael Schwarz

    Black Hat USA, Las Vegas, USA

  • CVE-2022-21233 ÆPIC Leak

    Pietro Borrello, Andreas Kogler, Martin Schwarzl, Moritz Lipp, Daniel Gruss, Michael Schwarz

  • 2021
  • CVE-2021-26318 Side-channels Related to the x86 PREFETCH Instruction

    Moritz Lipp, Daniel Gruss, Michael Schwarz

  • 2020
  • NSA Best Scientific Cybersecurity Paper Competition Spectre Attacks: Exploiting Speculative Execution

    Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom

    NSA, Fort Meade, Maryland, USA

  • CVE-2020-8694, CVE-2020-8695 Running Average Power Limit Energy Reporting

    Moritz Lipp, Andreas Kogler, David Oswald, Michael Schwarz, Daniel Gruss

  • CVE-2020-0551 Load Value Injection

    Jo Van Bulck, Daniel Moghimi, Michael Schwarz, Moritz Lipp, Marina Minkin, Daniel Genkin, Yuval Yarom, Berk Sunar, Daniel Gruss, Frank Piessens, Dan Lutas, Andrei Lutas

  • CVE-2020-0549 L1D Eviction Sampling

    Moritz Lipp, Michael Schwarz, Daniel Gruss, Jo Van Bulck, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida

  • 2019
  • CVE-2019-11135 TAA - Data Leakage using TSX Asynchronous Aborts

    Moritz Lipp, Michael Schwarz, Daniel Gruss, Jo Van Bulck, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze

  • NSA Best Scientific Cybersecurity Paper Competition Honorable Mention Meltdown: Reading Kernel Memory from User Space

    Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg, Jann Horn, Anders Fogh

    NSA, Fort Meade, Maryland, USA

  • S&P Distinguished Paper Award Spectre Attacks: Exploiting Speculative Execution

    Paul Kocher, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom

    40th IEEE Symposium on Security and Privacy, San Francisco, California, USA

  • CVE-2019-11091 MDSUM - Meltdown on Uncachable Memory

    Moritz Lipp, Michael Schwarz, Daniel Gruss, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida

  • 2018
  • CSAW Best Paper Award for Meltdown Applied Research Competition

    Moritz Lipp

    CSAW'18 Europe, Grenoble INP - ESISAR, France

  • Pwnie Award Pwnie for Best Privilege Escalation Bug

    Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg, Jann Horn, Anders Fogh

    Black Hat USA, Las Vegas, USA

  • Pwnie Award Pwnie for Most Innovative Research

    Jann Horn, Paul Kocher, Daniel Genkin, Mike Hamburg, Moritz Lipp, Yval Yarom, Werner Haas, Thomas Prescher, Daniel Gruss, Stefan Mangard, Michael Schwarz

    Black Hat USA, Las Vegas, USA

  • CVE-2018-12130 ZombieLoad / RIDL / MFBDS - Leaking Data from the Line-fill Buffer

    Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, Daniel Gruss

  • CVE-2018-12126 Fallout / MSBDS - Leaking Data from the Store Buffer

    Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Lei Shi, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, Yuval Yarom

  • Förderpreis für Abschlussarbeiten Best Master thesis

    Moritz Lipp

    Forums Technik und Gesellschaft, Graz, Austria

  • CVE-2018-5754 Meltdown - CPU Vulnerability allowing to Leak Kernel Memory from User Space

    Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg, Jann Horn, Anders Fogh

  • CVE-2017-5753, CVE-2017-5715 Spectre - Speculative Execution CPU Vulnerability

    Jann Horn, Paul Kocher, Daniel Genkin, Mike Hamburg, Moritz Lipp, Yval Yarom, Werner Haas, Thomas Prescher, Daniel Gruss, Stefan Mangard, Michael Schwarz

  • 2017
  • Pwnie Award Pwnie for Best Song

    Manuel Weber, Daniel Gruss, Michael Schwarz, Moritz Lipp, Rebekka Aigner

    Black Hat USA, Las Vegas, USA

  • 2016
  • IAIK Student Research Excellence Award

    Moritz Lipp

    IAIK Graz University of Technology, Graz, Austria

  • WKO Steiermark Stipend

    Moritz Lipp

    Wirtschaftskammer Steiermark, Graz, Austria