Tags: side-channel timing pwn cpu cache 

Rating: 5.0

TLDR.: Use a flush and reload timing attack to leak the flag from the running program.

https://github.com/ENOFLAG/writeups/blob/master/pwn2win2020/stolen_backdoor/README.md

Original writeup (https://github.com/ENOFLAG/writeups/blob/master/pwn2win2020/stolen_backdoor/README.md).