RingHopper: From User-Land to SMM - A Journey Through UEFI Vulnerabilities

Explore a detailed security conference talk from DEF CON 31 that reveals the journey of discovering RingHopper, a method for escalating privileges from user-land to System Management Mode (SMM). Learn about industry-wide vulnerabilities found in UEFI implementations across eight major vendors that affected billions of devices. Dive deep into SMM exploitation techniques, understanding both successful and unsuccessful approaches to gaining code execution through edk2 functionalities. Discover various privilege escalation methods on Windows and Linux systems through vulnerability chaining, culminating in a demonstration of RingHopper's capability to transition from user-space to SMM. Follow along this 40-minute technical presentation that uncovers the researchers' methodology, challenges, and ultimate success in identifying and responsibly disclosing these critical security findings.