[Dailydave] POC 2007 notes v 2

Rodrigo Rubira Branco (BSDaemon) rodrigo at kernelhacking.com
Sat Nov 17 09:46:34 EST 2007


I had the opportunity to meet Sun Bing at Xcon and VnSec this year and saw
his talk about BIOS rootkits.

The hardware bits you said are the TOP_SWAP register, used in BIOS updates
to guard against a power failure during the update.


cya,


Rodrigo (BSDaemon).

--
http://www.kernelhacking.com/rodrigo

Kernel Hacking: If i really know, i can hack

GPG KeyID: 1FCEDEA1


--------- Original Message --------
From: Dave Aitel <dave at immunityinc.com>
To: dailydave at lists.immunityinc.com <dailydave at lists.immunityinc.com>
Subject: [Dailydave] POC 2007 notes v 2
Date: 16/11/07 07:20

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> There were a lot of good talks today - in particular GilGil's talk on a
> new tool, in the same vein as Cain and Abel, called SnoopSpy2 (which he
> just open-sourced)[1].
>
> Likewise the talk on Bios and VMWare vulnerabilities was interesting.
> Sun Bing had one demo where he got local Administrator on an XP SP2
> guest by using a VMWare vulnerability (unreleased). He also had several
> guest->host escape techniques (VMWare dying due to memory access
> failures and such) - no working PoC here, just crashes. He said (via
> translator, so it's possible there was confusion) that his bugs only
> affected VMWare Workstation and not VMWare ESX. The Bios tricks were
> interesting as well - essentially they were documentation on how to
> install useful Bios rootkits or perform a really annoying DoS by
> flipping one of the hardware bits (would require complete power drain to
> reset).
>
> - -dave
>
> [1] http://gilgil.springnote.com/pages/567395
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFHPWkLtehAhL0gheoRAtVZAJ41xve/lXF/Z9CjLpoAFPZuJRrtWQCfXZ2T
> YytiSSkIQG8UzIRFoRhzOZs=
> =5Nbx
> -----END PGP SIGNATURE-----
