For Science! - Using an Unimpressive Bug in EDK II To Do Some Fun Exploitation
2023-07-03, 15:25–16:00 (Europe/Paris), Amphitheater

EDK II is the public implementation of UEFI on which a large part of the OEMs rely to craft their own firmware. If a vulnerability were to be found in this project, it could become a huge problem, as it could impact many devices. Or... it could be unimpressive and go totally unnoticed because nobody cares. ¯\_(ツ)_/¯
In this talk, we'll present a bug in EDK II which is difficult to leverage in real life but still quite fun to attack.
We'll see how we can build a complete exploit solely based on the mechanisms that are present in the public implementation and how we can gain arbitrary code execution in SMM thanks to that.

See also: slides

Gabrielle is a reverse engineer at Quarkslab. Her main domains of interest are Windows internals and UEFI components.