{"id":2990,"date":"2018-10-11T07:06:05","date_gmt":"2018-10-11T01:36:05","guid":{"rendered":"http:\/\/kalilinuxtutorials.com\/?p=2990"},"modified":"2018-10-11T07:06:05","modified_gmt":"2018-10-11T01:36:05","slug":"sandsifter-x86-processor","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/sandsifter-x86-processor\/","title":{"rendered":"Sandsifter &#8211; The x86 Processor Fuzzer For Hidden Instructions &#038; Hardware Bugs"},"content":{"rendered":"<p>The sandsifter audits x86 processors for hidden instructions and hardware bugs, by systematically generating machine code to search through a processor&#8217;s instruction set, and monitoring execution for anomalies. Sandsifter has uncovered secret processor instructions from every major vendor; ubiquitous software bugs in disassemblers, assemblers, and emulators; flaws in enterprise hypervisors; and both benign and security-critical hardware bugs in x86 chips.<\/p>\n<p>With the multitude of x86 processors in existence, the goal of the tool is to enable users to check their own systems for hidden instructions and bugs.<\/p>\n<p><strong><span class=\"td_btn td_btn_sm td_3D_btn\">Also Read<\/span><\/strong><a href=\"https:\/\/kalilinuxtutorials.com\/takeover-cname-record-subdomains\/\" target=\"_blank\" rel=\"noopener\"><strong>TakeOver : Takeover Script Extracts CNAME Record Of All Subdomains At Once<\/strong><\/a><\/p>\n<p>To run a basic audit against your processor:<\/p>\n<pre><code><strong><span style=\"color: #008000;\">sudo .\/sifter.py --unk --dis --len --sync --tick -- -P1 -t<\/span><\/strong><\/code><\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-2991\" src=\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/10\/sandsifter.gif\" alt=\"\" width=\"542\" height=\"396\" \/><\/p>\n<p>The computer is systematically scanned for anomalous instructions. In the upper half, you can view the instructions that the sandsifter is currently testing on the processor. In the bottom half, the sandsifter reports anomalies it finds.<\/p>\n<p>The search will take from a few hours to a few days, depending on the speed of and complexity of your processor. When it is complete, summarize the results:<\/p>\n<pre><code><strong><span style=\"color: #008000;\">.\/summarize.py data\/log\n<\/span><\/strong><\/code><\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-2992\" src=\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/10\/sandsifter1.png\" alt=\"\" width=\"542\" height=\"412\" \/><\/p>\n<p>Typically, several million undocumented instructions on your processor will be found, but these generally fall into a small number of different groups. After binning the anomalies, the summarize tool attempts to assign each instruction to an issue category:<\/p>\n<ul>\n<li>Software bug (for example, a bug in your hypervisor or disassembler),<\/li>\n<li>Hardware bug (a bug in your CPU), or<\/li>\n<li>Undocumented instruction (an instruction that exists in the processor, but is not acknowledged by the manufacturer)<\/li>\n<\/ul>\n<p>Press &#8216;Q&#8217; to quit and obtain a text based summary of the system scan:<\/p>\n<p>The results of a scan can sometimes be difficult for the tools to automatically classify, and may require manual analysis. For help analyzing your results, feel free to send the .\/data\/log file to xoreaxeaxeax@gmail.com. No personal information, other than the processor make, model, and revision (from \/proc\/cpuinfo) are included in this log.<\/p>\n<h2><strong>Building<\/strong><\/h2>\n<p>Sandsifter requires first installing the Capstone disassembler: <a href=\"http:\/\/www.capstone-engine.org\/\" rel=\"nofollow\">http:\/\/www.capstone-engine.org\/<\/a>. Capstone can typically be installed with:<\/p>\n<pre><code><strong><span style=\"color: #008000;\">sudo apt-get install libcapstone3 libcapstone-dev\nsudo pip install capstone\n<\/span><\/strong><\/code><\/pre>\n<p>Sandsifter can be built with:<\/p>\n<pre><code><strong><span style=\"color: #008000;\">make\n<\/span><\/strong><\/code><\/pre>\n<p>and is then run with<\/p>\n<pre><code><strong><span style=\"color: #008000;\">sudo .\/sifter.py --unk --dis --len --sync --tick -- -P1 -t\n<\/span><\/strong><\/code><\/pre>\n<h2><strong>Flags<\/strong><\/h2>\n<p>Flags are passed to the sifter with &#8211;flag, and to the injector with &#8212; -f.<\/p>\n<p>Example:<\/p>\n<pre><code><strong><span style=\"color: #008000;\">sudo .\/sifter.py --unk --dis --len --sync --tick -- -P1 -t\n<\/span><\/strong><\/code><\/pre>\n<p>Sifter flags:<\/p>\n<pre><code><strong><span style=\"color: #008000;\">--len\n\tsearch for length differences in all instructions (instructions that\n\texecuted differently than the disassembler expected, or did not\n\texist when the disassembler expected them to\n\n--dis\n\tsearch for length differences in valid instructions (instructions that\n\texecuted differently than the disassembler expected)\n\n--unk\n\tsearch for unknown instructions (instructions that the disassembler doesn't\n\tknow about but successfully execute)\n\n--ill\n\tthe inverse of --unk, search for invalid disassemblies (instructions that do\n\tnot successfully execute but that the disassembler acknowledges)\n\n--tick\n\tperiodically write the current instruction to disk\n\n--save\n\tsave search progress on exit\n\n--resume\n\tresume search from last saved state\n\n--sync\n\twrite search results to disk as they are found\n\n--low-mem\n\tdo not store results in memory\n<\/span><\/strong><\/code><\/pre>\n<p><strong>Injector flags:<\/strong><\/p>\n<pre><code><strong><span style=\"color: #008000;\">-b\n\tmode: brute force\n\n-r\n\tmode: randomized fuzzing\n\n-t\n\tmode: tunneled fuzzing\n\n-d\n\tmode: externally directed fuzzing\n\n-R\n\traw output mode\n\n-T\n\ttext output mode\n\n-x\n\twrite periodic progress to stderr\n\n-0\n\tallow null dereference (requires sudo)\n\n-D\n\tallow duplicate prefixes\n\n-N\n\tno nx bit support\n\n-s seed\n\tin random search, seed value\n\n-B brute_depth\n\tin brute search, maximum search depth\n\n-P max_prefix\n\tmaximum number of prefixes to search\n\n-i instruction\n\tinstruction at which to start search (inclusive)\n\n-e instruction\n\tinstruction at which to end search (exclusive)\n\n-c core\n\tcore on which to perform search\n\n-X blacklist\n\tblacklist the specified instruction\n\n-j jobs\n\tnumber of simultaneous jobs to run\n\n-l range_bytes\n\tnumber of base instruction bytes in each sub range\n<\/span><\/strong><\/code><\/pre>\n<h2><strong>Keys<\/strong><\/h2>\n<p>m: Mode &#8211; change the search mode (brute force, random, or tunnel) for the sifter<\/p>\n<p>q: Quit &#8211; exit the sifter<\/p>\n<p>p: Pause &#8211; pause or unpause the search<\/p>\n<h2><strong>Algorithms<\/strong><\/h2>\n<p>The scanning supports four different search algorithms, which can be set at the command line, or cycled via hotkeys.<\/p>\n<ul>\n<li>Random searching generates random instructions to test; it generally produces results quickly, but is unable to find complex hidden instructions and bugs.<\/li>\n<li>Brute force searching tries instructions incrementally, up to a user-specified length; in almost all situations, it performs worse than random searching.<\/li>\n<li>Driven or mutation driven searching is designed to create new, increasingly complex instructions through genetic algorithms; while promising, this approach was never fully realized, and is left as a stub for future research.<\/li>\n<li>Tunneling is the approach described in the presentation and white paper, and in almost all cases provides the best trade-off between thoroughness and speed.<\/li>\n<\/ul>\n<h2><strong>Tips<\/strong><\/h2>\n<ul>\n<li>sudo<\/li>\n<\/ul>\n<p>For best results, the tool should be run as the root user. This is necessary so that the process can map into memory a page at address 0, which requires root permissions. This page prevents many instructions from seg-faulting on memory accesses, which allows a more accurate fault analysis.<\/p>\n<ul>\n<li>Prefixes<\/li>\n<\/ul>\n<p>The primary limitation for the depth of an instruction search is the number of prefix bytes to explore, with each additional prefix byte increasing the search space by around a factor of 10. Limit prefix bytes with the -P flag.<\/p>\n<ul>\n<li>Colors<\/li>\n<\/ul>\n<p>The interface for the sifter is designed for a 256 color terminal. While the details vary greatly depending on your terminal, this can roughly be accomplished with:<\/p>\n<pre><code><strong><span style=\"color: #008000;\"> export TERM='xterm-256color'\n<\/span><\/strong><\/code><\/pre>\n<ul>\n<li>GUI<\/li>\n<\/ul>\n<p>The interface assumes the terminal is of at least a certain size; if the interface is not rendering properly, try increasing the terminal size; this can often be accomplished by decreasing the terminal font size.<\/p>\n<p>In some cases, it may be desirable or necessary to run the tool without the graphical front end. This can be done by running the injector directly:<\/p>\n<pre><span style=\"color: #008000;\"><strong><code><span style=\"color: #008000;\"> sudo .\/injector -P1 -t -0\n<\/span><\/code><\/strong><\/span><\/pre>\n<p>To filter the results of a direct injector invocation, grep can be used. For example,<\/p>\n<pre><code><strong><span style=\"color: #008000;\"> sudo .\/injector -P1 -r -0 | grep '\\.r' | grep -v sigill\n<\/span><\/strong><\/code><\/pre>\n<p>searches for instructions for which the processor and disassembler disagreed on the instruction length (grep &#8216;.r&#8217;), but the instruction successfully executed (grep -v sigill).<\/p>\n<ul>\n<li>Targeted fuzzing<\/li>\n<\/ul>\n<p>In many cases, it is valuable to direct the fuzzer to a specific target. For example, if you suspect that an emulator has flaws around repeated &#8216;lock&#8217; prefixes (0xf0), you could direct the fuzzer to search this region of the instruction space with the -i and -e flags:<\/p>\n<pre><strong><span style=\"color: #008000;\"><code><span style=\"color: #008000;\"> sudo .\/sifter.py --unk --dis --len --sync --tick -- -t -i f0f0 -e f0f1 -D -P15\n<\/span><\/code><\/span><\/strong><\/pre>\n<ul>\n<li>Legacy systems<\/li>\n<\/ul>\n<p>For scanning much older systems (i586 class processors, low memory systems), pass the &#8211;low-mem flag to the sifter and the -N flag to the injector:<\/p>\n<pre><code><strong><span style=\"color: #008000;\"> sudo .\/sifter.py --unk --dis --len --sync --tick --low-mem -- -P1 -t -N\n<\/span><\/strong><\/code><\/pre>\n<p>If you observe your scans completing too quickly (for example, a scan completes in seconds), it is typically because these flags are required for the processor you are scanning.<\/p>\n<ul>\n<li>32 vs. 64 bit<\/li>\n<\/ul>\n<p>By default, sandsifter is built to target the bitness of the host operating system. However, some instructions have different behaviors when run in a 32 bit process compared to when run in a 64 bit process. To explore these scenarios, it is sometimes valuable to run a 32 bit sandsifter on a 64 bit system.<\/p>\n<p>To build a 32 bit sandsifter on a 64 bit system, Capstone must be installed as 32 bit; the instructions for this can be found at http:\/\/www.capstone-engine.org\/.<\/p>\n<p>Then sandsifter must be built for a 32 bit architecture:<\/p>\n<pre><strong><span style=\"color: #008000;\"><code><span style=\"color: #008000;\"> make CFLAGS=-m32\n<\/span><\/code><\/span><\/strong><\/pre>\n<p>With this, the 32 bit instruction space can be explored on a 64 bit system.<\/p>\n<p><a href=\"https:\/\/github.com\/xoreaxeaxeax\/sandsifter\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-999\" src=\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/04\/button_download.png\" alt=\"\" width=\"141\" height=\"40\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The sandsifter audits x86 processors for hidden instructions and hardware bugs, by systematically generating machine code to search through a processor&#8217;s instruction set, and monitoring execution for anomalies. Sandsifter has uncovered secret processor instructions from every major vendor; ubiquitous software bugs in disassemblers, assemblers, and emulators; flaws in enterprise hypervisors; and both benign and security-critical [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[2930],"class_list":["post-2990","post","type-post","status-publish","format-standard","hentry","category-kali","tag-sandsifter"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Sandsifter - The x86 Processor Fuzzer For Hidden Instructions<\/title>\n<meta name=\"description\" content=\"The sandsifter audits x86 processors for hidden instructions and hardware bugs, by systematically generating machine code to search through a processor&#039;s\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/sandsifter-x86-processor\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Sandsifter - The x86 Processor Fuzzer For Hidden Instructions\" \/>\n<meta property=\"og:description\" content=\"The sandsifter audits x86 processors for hidden instructions and hardware bugs, by systematically generating machine code to search through a processor&#039;s\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/sandsifter-x86-processor\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2018-10-11T01:36:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/10\/sandsifter.gif\" \/>\n<meta name=\"author\" content=\"R K\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R K\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/sandsifter-x86-processor\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/sandsifter-x86-processor\/\"},\"author\":{\"name\":\"R K\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\"},\"headline\":\"Sandsifter &#8211; The x86 Processor Fuzzer For Hidden Instructions &#038; Hardware Bugs\",\"datePublished\":\"2018-10-11T01:36:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/sandsifter-x86-processor\/\"},\"wordCount\":954,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/sandsifter-x86-processor\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/10\/sandsifter.gif\",\"keywords\":[\"Sandsifter\"],\"articleSection\":[\"Kali Linux\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/sandsifter-x86-processor\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/sandsifter-x86-processor\/\",\"name\":\"Sandsifter - The x86 Processor Fuzzer For Hidden Instructions\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/sandsifter-x86-processor\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/sandsifter-x86-processor\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/10\/sandsifter.gif\",\"datePublished\":\"2018-10-11T01:36:05+00:00\",\"description\":\"The sandsifter audits x86 processors for hidden instructions and hardware bugs, by systematically generating machine code to search through a processor's\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/sandsifter-x86-processor\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/sandsifter-x86-processor\/#primaryimage\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/10\/sandsifter.gif\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/10\/sandsifter.gif\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\",\"name\":\"R K\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"caption\":\"R K\"},\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Sandsifter - The x86 Processor Fuzzer For Hidden Instructions","description":"The sandsifter audits x86 processors for hidden instructions and hardware bugs, by systematically generating machine code to search through a processor's","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalilinuxtutorials.com\/sandsifter-x86-processor\/","og_locale":"en_US","og_type":"article","og_title":"Sandsifter - The x86 Processor Fuzzer For Hidden Instructions","og_description":"The sandsifter audits x86 processors for hidden instructions and hardware bugs, by systematically generating machine code to search through a processor's","og_url":"https:\/\/kalilinuxtutorials.com\/sandsifter-x86-processor\/","og_site_name":"Kali Linux Tutorials","article_published_time":"2018-10-11T01:36:05+00:00","og_image":[{"url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/10\/sandsifter.gif","type":"","width":"","height":""}],"author":"R K","twitter_card":"summary_large_image","twitter_creator":"@CyberEdition","twitter_site":"@CyberEdition","twitter_misc":{"Written by":"R K","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalilinuxtutorials.com\/sandsifter-x86-processor\/#article","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/sandsifter-x86-processor\/"},"author":{"name":"R K","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad"},"headline":"Sandsifter &#8211; The x86 Processor Fuzzer For Hidden Instructions &#038; Hardware Bugs","datePublished":"2018-10-11T01:36:05+00:00","mainEntityOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/sandsifter-x86-processor\/"},"wordCount":954,"publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/sandsifter-x86-processor\/#primaryimage"},"thumbnailUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/10\/sandsifter.gif","keywords":["Sandsifter"],"articleSection":["Kali Linux"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/kalilinuxtutorials.com\/sandsifter-x86-processor\/","url":"https:\/\/kalilinuxtutorials.com\/sandsifter-x86-processor\/","name":"Sandsifter - The x86 Processor Fuzzer For Hidden Instructions","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/sandsifter-x86-processor\/#primaryimage"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/sandsifter-x86-processor\/#primaryimage"},"thumbnailUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/10\/sandsifter.gif","datePublished":"2018-10-11T01:36:05+00:00","description":"The sandsifter audits x86 processors for hidden instructions and hardware bugs, by systematically generating machine code to search through a processor's","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalilinuxtutorials.com\/sandsifter-x86-processor\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/sandsifter-x86-processor\/#primaryimage","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/10\/sandsifter.gif","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/10\/sandsifter.gif"},{"@type":"WebSite","@id":"https:\/\/kalilinuxtutorials.com\/#website","url":"https:\/\/kalilinuxtutorials.com\/","name":"Kali Linux Tutorials","description":"Kali Linux Tutorials","publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalilinuxtutorials.com\/#organization","name":"Kali Linux Tutorials","url":"https:\/\/kalilinuxtutorials.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","width":272,"height":90,"caption":"Kali Linux Tutorials"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CyberEdition","https:\/\/www.threads.com\/@cybersecurityedition","https:\/\/www.linkedin.com\/company\/cyberedition","https:\/\/www.instagram.com\/cybersecurityedition\/"]},{"@type":"Person","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad","name":"R K","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","caption":"R K"},"url":"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":3026,"url":"https:\/\/kalilinuxtutorials.com\/autordpwn\/","url_meta":{"origin":2990,"position":0},"title":"AutoRDPwn &#8211; The Shadow Attack Framework","author":"R K","date":"October 21, 2018","format":false,"excerpt":"AutoRDPwn is a script created in Powershell and designed to automate the Shadow attack on Microsoft Windows computers. This vulnerability allows a remote attacker to view his victim's desktop without his consent, and even control it on request. For its correct operation, it is necessary to comply with the requirements\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/04\/button_download.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":3006,"url":"https:\/\/kalilinuxtutorials.com\/digiduck-framework\/","url_meta":{"origin":2990,"position":1},"title":"DigiDuck &#8211; Framework for Digiduck Development Boards Running ATTiny85 Processors &#038; Micronucleus Bootloader","author":"R K","date":"October 18, 2018","format":false,"excerpt":"Framework for Digiduck Development Boards running ATTiny85 processors and micronucleus bootloader! DigiDuck Installation DigiDuck Framework (Referred to as DDF) is really simple to start and setup! There are no third party modules required for DDF! All you need to do is make sure you have Python 3.6+ (I used this\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/10\/DigiDuck1.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/10\/DigiDuck1.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/10\/DigiDuck1.png?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":3039,"url":"https:\/\/kalilinuxtutorials.com\/recondog-swiss-army-knife\/","url_meta":{"origin":2990,"position":2},"title":"ReconDog &#8211; Reconnaissance Swiss Army Knife","author":"R K","date":"October 21, 2018","format":false,"excerpt":"Following are the ReconDog main features, Wizard + CLA interface Can extracts targets from STDIN (piped input) and act upon them All the information is extracted with APIs, no direct contact is made to the target ReconDog\u00a0Utilities Censys: Uses censys.io to gather massive amount of information about an IP address.\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/10\/1.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/10\/1.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/10\/1.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/10\/1.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/10\/1.png?resize=1050%2C600&ssl=1 3x"},"classes":[]},{"id":17464,"url":"https:\/\/kalilinuxtutorials.com\/twiti\/","url_meta":{"origin":2990,"position":3},"title":"TwiTi : Tool for extracting IOCs from tweet","author":"R K","date":"August 11, 2021","format":false,"excerpt":"TwiTi, a tool for extracting IOCs from tweets, can collect a large number of fresh, accurate IOCs.TwiTi does classifying whether a tweet contains IOCs or not.extracting IOCs from a tweet and also from links mentioned in a tweet. For more details please refer to our paper,\"#Twiti: Social Listening for Threat\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":27516,"url":"https:\/\/kalilinuxtutorials.com\/penguintrace\/","url_meta":{"origin":2990,"position":4},"title":"PenguinTrace : Tool To Show How Code Runs At The Hardware Level","author":"R K","date":"October 26, 2022","format":false,"excerpt":"penguinTrace is intended to help build an understanding of how programs run at the hardware level. It provides a way to see what instructions compile to, and then step through those instructions and see how they affect machine state as well as how this maps back to variables in the\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjezLRUGmDnYb-pCvAsFnQss7ryZwr6l6w3E239o_igvhXAyn58yubbhmgui3uEOFeChMyo9GS-1TX7qzYYlygBDi4sUdtvfDYG0LpkQjJYAm9QdXB5XiySsUEVk-ndYwiLtf2V66F4YTzCDdZbLrFA1NCvmLe4JUN9Hp_7T_7bVWHdDKFbJCyeNc-E\/s728\/penguinTrace.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjezLRUGmDnYb-pCvAsFnQss7ryZwr6l6w3E239o_igvhXAyn58yubbhmgui3uEOFeChMyo9GS-1TX7qzYYlygBDi4sUdtvfDYG0LpkQjJYAm9QdXB5XiySsUEVk-ndYwiLtf2V66F4YTzCDdZbLrFA1NCvmLe4JUN9Hp_7T_7bVWHdDKFbJCyeNc-E\/s728\/penguinTrace.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjezLRUGmDnYb-pCvAsFnQss7ryZwr6l6w3E239o_igvhXAyn58yubbhmgui3uEOFeChMyo9GS-1TX7qzYYlygBDi4sUdtvfDYG0LpkQjJYAm9QdXB5XiySsUEVk-ndYwiLtf2V66F4YTzCDdZbLrFA1NCvmLe4JUN9Hp_7T_7bVWHdDKFbJCyeNc-E\/s728\/penguinTrace.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjezLRUGmDnYb-pCvAsFnQss7ryZwr6l6w3E239o_igvhXAyn58yubbhmgui3uEOFeChMyo9GS-1TX7qzYYlygBDi4sUdtvfDYG0LpkQjJYAm9QdXB5XiySsUEVk-ndYwiLtf2V66F4YTzCDdZbLrFA1NCvmLe4JUN9Hp_7T_7bVWHdDKFbJCyeNc-E\/s728\/penguinTrace.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":25622,"url":"https:\/\/kalilinuxtutorials.com\/can-linux-be-installed-on-a-mac\/","url_meta":{"origin":2990,"position":5},"title":"Can Linux Be Installed On a Mac?","author":"Balaji N","date":"June 1, 2022","format":false,"excerpt":"Linux operating system is the most common open source OS used on servers, smartphones, desktop and laptop computers, and other compatible devices. It can run on most major computer platforms like ARM, SPARC, and x86; and is rated highly by many in the tech industry. There are different versions of\u2026","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj204o8HcvzM7XUa4U1V8MmScuKtoHj9TiqeVP7JDq9wh7V6iLWA9vKMNeVTrtRpQ394eESTTJAubTcRZuaOlXIs1FJUylRDdOivEJQxOKdD1L2Qtry8DyV1xzD-KfKXE6x4P7Zl9dplseyFHjsR4dU-IG8cj4HHNvyluwwVx1QGJ5AJE250uWGWkwIaA\/s16000\/sfssf.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj204o8HcvzM7XUa4U1V8MmScuKtoHj9TiqeVP7JDq9wh7V6iLWA9vKMNeVTrtRpQ394eESTTJAubTcRZuaOlXIs1FJUylRDdOivEJQxOKdD1L2Qtry8DyV1xzD-KfKXE6x4P7Zl9dplseyFHjsR4dU-IG8cj4HHNvyluwwVx1QGJ5AJE250uWGWkwIaA\/s16000\/sfssf.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj204o8HcvzM7XUa4U1V8MmScuKtoHj9TiqeVP7JDq9wh7V6iLWA9vKMNeVTrtRpQ394eESTTJAubTcRZuaOlXIs1FJUylRDdOivEJQxOKdD1L2Qtry8DyV1xzD-KfKXE6x4P7Zl9dplseyFHjsR4dU-IG8cj4HHNvyluwwVx1QGJ5AJE250uWGWkwIaA\/s16000\/sfssf.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj204o8HcvzM7XUa4U1V8MmScuKtoHj9TiqeVP7JDq9wh7V6iLWA9vKMNeVTrtRpQ394eESTTJAubTcRZuaOlXIs1FJUylRDdOivEJQxOKdD1L2Qtry8DyV1xzD-KfKXE6x4P7Zl9dplseyFHjsR4dU-IG8cj4HHNvyluwwVx1QGJ5AJE250uWGWkwIaA\/s16000\/sfssf.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/2990","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=2990"}],"version-history":[{"count":0,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/2990\/revisions"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=2990"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=2990"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=2990"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}