Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

Whats happening at Ring -2?

happening Joanna review Reviews ring rootkit tom's hardware toms hardware
0
Posted

Whats happening at Ring -2?

0 CommentsAdd a Comment

1 Answer

0

Joanna: Yeah, Ring -1 malware is so 2006! Every x86 CPU has also something that is called System Management Mode (SMM), which itself is nothing new, as it has been present since the 80386 processors. What makes it interesting now is that when virtualization has been added to the processors, it turned out that SMM mode actually was granted higher privileges than the newly introduced Ring -1 hypervisor mode. Thus we called it “Ring -2” to stress its power over the hypervisor mode. Our team hasn’t been the first that played with SMM, however. In 2006, Loic Duflot presented a very nice attack against OpenBSD securelevel mechanism that used SMM mode. Loic used SMM as a “tool” in his attack, not as a target. Back then, in 2006, it was not unusual for the SMM not to be protected in any way on most systems–so if one had root access (or kernel-mode access), one could inject any code they wanted into the SMM and had it executed with SMM privileges. Of course, one still had to have this root or

0 CommentsAdd a Comment

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.

Experts123