Andrea Mambretti is a system security researcher at IBM Research Europe, Zurich Laboratory. He received his Ph.D. from Northeastern University, in the SecLab under the supervision of Engin Kirda. Since 2011, he's participated in several CTF competitions (Ictf, Ructf, Defcon and others) with both the TowerOfHanoi and Shellphish teams. (Audience members will surely fall into two partitions: those who are more impressed by Andrea's PhD, and those who are more impressed by his membership in Shellphish 😉). Today, Andrea joined us to discuss some of his security research into ROP attacks, specifically attacks that exploit timing-based side-channels caused by speculative execution. This research builds on the academic legacy of attacks like Spectre, but formalizes the relevant threat models and explores the full space of relevant attack varieties. The talk was fun, technical, and exciting. We concluded with a question-and-answer/discussion section, mostly centered on (a) attack realizability against differing architectures, and (b) mitigations/defenses. This was a great talk, and we hope you enjoy it post-hoc!