Pwning coworkers thanks to LaTeX

Writing reports in LaTeX is painful. However, it's a great occasion to bring joy to the office and pwn a coworker's laptop while he's kindly proofreading your pentest report.

From SMM to userland in a few bytes

In 2014, @coreykal, @xenokovah, @jwbutterworth3 and @ssc0rnwell gave a talk entitled Extreme Privilege Escalation on Windows 8/UEFI Systems at Black Hat USA. They introduced the idea of an SMM rootkit called The Watcher (slides 57 to 63). To sum it up:

Playing with SMM and QEMU

10 years ago, playing with SMM seemed to be quite risky. Audacious people were flashing their BIOS, running the risk of bricking their machine. For a few years now, the rise of UEFI and Secure Boot has been an incentive for virtualisation solutions to implement SMM. For instance, KVM developers work hard on the subject.