The amazing Benny Zeltser & Jonathan Lusky hopped from ring 3 into ring -2 and back, just in time to tell us how.

I guess now would be great opportunity for an hello world tweet :) Thank you for hopping in to our talk, we "hopped" you enjoyed it! BlueHat IL Benny Zeltser #RingHopper #UEFI #SMM

Jonathan Lusky and I submitted our talk "The #RingHopper Journey: Hopping through the maze of SMM exploitation" where we delve into the realm of SMM exploitation and talk extensively about the journey, rather than only the destination. Fingers crossed we get to deliver this talk

Our talk from BlueHat IL is live! youtube.com/watch?v=CJDv_b… In our live demo on stage, we hopped from user-space to SMM modifying the BIOS logo 😎 Benny Zeltser #RingHopper #UEFI

2023-03-29 "RingHopper – Hopping from User-space to God Mode" Slides: msrndcdn360.blob.core.windows.net/bluehat/blueha… Video: youtube.com/embed/CJDv_bcI… By Jonathan Lusky & Benny Zeltser Added to darkmentor.com/timeline.html

Great summary of the recent BitLocker attacks. In many cases, these attacks can bypass Secure Boot by design. As #BlackLotus just did with BatonDrop exploit recently. github.com/Wack0/bitlocke…

Bug bounties are broken - the story of "i915" bug, ChromeOS + Intel bounty programs, and beyond Google VRP (Google Bug Hunters) Intel Security How the unspoken problems of bug bounties can be addressed? "Imbalance of Power" is a real problem and it should be changed. blog.pi3.com.pl/?p=931

The “Architecture 4021: Introductory UEFI” ost2.fyi/Arch4021 #OST2 class videos are now publicly available via a YouTube playlist for those interested in downloading for offline viewing in the future. But as always, the best experience is in-class. youtube.com/playlist?list=…

I’m glad to share that I’ll be presenting with Benny Zeltser at DEF CON. Come visit our talk “The RingHopper Journey or How We Almost Zero-day’d the 🌎”, Friday at 10am. #RingHopper

It was an incredible experience presenting our #ringhopper talk at #DEFCON31 Our slides are available at media.defcon.org/DEF%20CON%2031… Many thanks to everyone who came to our talk and to DEF CON for having us! Jonathan Lusky

Israeli Vulnerability Researchers, mark your calendars.

📢 Super thrilled to announce that our #RingHopper talk presented @ #DefCon31 is now LIVE on YouTube! 🎉📺 If you want to dive even deeper into the details of our research, check out our awesome blog post series too! medium.com/@RingHopper/em… 📚🔍 Jonathan Lusky

Extremely excited to be speaking in the first edition of #NoOffense! Seats are limited, make sure to register while you can.

Just dropped the second blog in our #RingHopper series! Join us on our mission to acquire write-primitives within the tightly secured SMRAM medium.com/@RingHopper/th…

Just released the third blog in our #RingHopper series! 📝 Dive in as we showcase the transformation of a seemingly weak write primitive into unauthorized code execution in SMM 💻🔒 medium.com/@RingHopper/br… Jonathan Lusky

📢 Just dropped the fourth and final blog post in the #RingHopper saga! In this post, we elevated the attack to operate from user-land and thus, managed to hop from Ring 3 to SMM. Explore the details in our latest post here: medium.com/@RingHopper/co… ⭕🦗 Jonathan Lusky

If you're interested in doing Android vulnerability research, exploit engineering or low level dev, we're also expanding and recruiting, both remote and local. We have immensely talented folks and top notch memes, and are looking for experienced researchers and developers.

Is remote code execution in UEFI firmware possible? Yes it is. Meet #PixieFAIL: 9 vulnerabilities in the IPv6 stack of EDK II, the open source UEFI implementation used by billions of computers. Full details by Francisco Falcon and iarce in our new blog post: blog.quarkslab.com/pixiefail-nine…

Breaking News: Registration is now open! nooffensecon.org/registration We're proud to announce our top lectures for NoOFFENSE 2024, featuring exclusive content never seen before. See you there, NoOFFENSE team *Participation depends on registration and seat availability.

Yesterday was a hit! Huge thanks to shayb and Aviel Warschawski, who shared insights with 150 of Israel's top researchers. We appreciate everyone who participated and apologize to those who couldn’t get in due to high demand. This is the beginning of an exciting legacy.