For Science! - Using an Unimpressive Bug in EDK II To Do Some Fun Exploitation
Information on this media
Number of views: 24
Creation date: July 3, 2023
Speakers: Gabrielle Viala
License: CC BY-SA v4
Description
EDK II is the public implementation of UEFI on which a large share of OEMs rely to build their own firmware. If a vulnerability were found in this project, it could become a huge problem, as it could impact many devices. Or... It could be unimpressive and go totally unnoticed because nobody cares. ¯\_(ツ)_/¯ In this talk, we'll present a bug in EDK II which is difficult to leverage in real life but still quite fun to attack. We'll see how we can build a complete exploit based solely on the mechanisms present in the public implementation, and how that lets us gain arbitrary code execution in SMM.
Gabrielle is a reverse engineer at Quarkslab. Her main domains of interest are Windows internals and UEFI components.