Manufacturers are adding secret machine instructions to x86 chips, and it’s putting us all at risk. These instructions are undocumented, unacknowledged, and potentially dangerous – but they’re sitting in your processor right now. Last year, with the sandsifter project, we discovered how to find these hidden instructions, by combining a page fault analysis and a depth-first-search algorithm to intelligently generate machine code and search through the x86 instruction set. Using this technique, we found new x86 hardware glitches, previously unknown machine instructions, ubiquitous software bugs, and flaws in enterprise hypervisors. But now a year has passed, and we have a lot more to share. In this presentation, we present the first major update to the sandsifter x86 processor fuzzer since its release. We’ll disclose entirely new hypervisor flaws, show how to take down BSD with two bytes of code, and release all the gory details of a denial-of-service ‘halt-and-catch-fire’ instruction found in some x86 processors. With these flaws and more in mind, we’ll illustrate how to use sandsifter to audit your own processor and expose its bugs and secrets.