Explore a groundbreaking physical DMA attack that exploits vulnerabilities in standard DIMM slot hardware design. Learn about an undetectable method that doesn't require a specific port, using a custom PCB probe with an FPGA to connect to exposed DDR4 pins on off-the-shelf desktop systems. Discover how attackers can masquerade as benign memory controllers to read or modify memory at any physical address while the system is in S3 sleep state. Gain insights into this novel technique presented by Anna Trikalinou and Dan Lake, which allows arbitrary memory manipulation in live, unmodified systems using a rogue memory controller.
Overview
Syllabus
Taking DMA Attacks to the Next Level
Taught by
Black Hat