"If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle." --- Sun Tzu
Ring -2...
- Attacking Intel® BIOS - 200907
- Getting into the SMRAM: SMM Reloaded - 2009
- System Management Mode Design and Security Issues - 201002
- A New Class of Vulnerabilities in SMI Handlers - 201503
- BARing the System: New vulnerabilities in Coreboot & UEFI based systems - 201701
- UEFI Firmware Rootkits: Myths and Reality - 201703
- Attacking hypervisors through hardware emulation - 201703
- SMM Rootkits: A New Breed of OS Independent Malware - 2008, video at BH08 USA.
- System Management Mode Hack Using SMM for "Other Purposes" - 200803
- Attacking SMM Memory via Intel® CPU Cache Poisoning - 200903, code is here.
- A Real SMM Rootkit: Reversing and Hooking BIOS SMI Handlers
- Following the White Rabbit: Software Attacks against Intel® VT-d - 201103
- Exploring new lands on Intel CPUs (SINIT code execution hijacking) - 201112
- Hardware and firmware attacks: Defending, detecting, and responding, video is here.