Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

RingHopper: From User-Land to SMM - A Journey Through UEFI Vulnerabilities

DEFCONConference via YouTube

Overview

Explore a detailed security conference talk from DEF CON 31 that reveals the journey of discovering RingHopper, a method for escalating privileges from user-land to System Management Mode (SMM). Learn about industry-wide vulnerabilities found in UEFI implementations across eight major vendors that affected billions of devices. Dive deep into SMM exploitation techniques, understanding both successful and unsuccessful approaches to gaining code execution through edk2 functionalities. Discover various privilege escalation methods on Windows and Linux systems through vulnerability chaining, culminating in a demonstration of RingHopper's capability to transition from user-space to SMM. Follow along this 40-minute technical presentation that uncovers the researchers' methodology, challenges, and ultimate success in identifying and responsibly disclosing these critical security findings.

Syllabus

DEF CON 31 - Ringhopper - How We Almost Zero day’d the World - Benny Zeltser, Jonathan Lusky

Taught by

DEFCONConference

Reviews

Start your review of RingHopper: From User-Land to SMM - A Journey Through UEFI Vulnerabilities

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.