Dailydave mailing list archives
Re: POC 2007 notes v 2
From: "Rodrigo Rubira Branco (BSDaemon)" <rodrigo () kernelhacking com>
Date: Sat, 17 Nov 2007 14:46:34 -0000
I had the opportunity to meet Sun Bing at Xcon and VnSec this year and saw his talk about BIOS rootkits. The hardware bits you said are the TOP_SWAP register, used in BIOS updates to grant against a power failure during the update.

cya,

Rodrigo (BSDaemon).

--
http://www.kernelhacking.com/rodrigo
Kernel Hacking: If i really know, i can hack
GPG KeyID: 1FCEDEA1

--------- Original Message --------
From: Dave Aitel <dave () immunityinc com>
To: dailydave () lists immunityinc com <dailydave () lists immunityinc com>
Subject: [Dailydave] POC 2007 notes v 2
Date: 16/11/07 07:20
There were a lot of good talks today - in particular GilGil's talk on a new tool, in the same vein as Cain and Abel, called SnoopSpy2 (which he just open-sourced)[1].

Likewise the talk on BIOS and VMWare vulnerabilities was interesting. Sun Bing had one demo where he got local Administrator on an XP SP2 guest by using a VMWare vulnerability (unreleased). He also had several guest->host escape techniques (VMWare dying due to memory access failures and such) - no working PoC here, just crashes. He said (via translator, so it's possible there was confusion) that his bugs only affected VMWare Workstation and not VMWare ESX.

The BIOS tricks were interesting as well - essentially they were documentation on how to install useful BIOS rootkits or perform a really annoying DoS by flipping one of the hardware bits (would require complete power drain to reset).

-dave

[1] http://gilgil.springnote.com/pages/567395

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave