Forwarded from Deleted Account
[zerons] @niconiconi: 效果其实差不多的吧, ring0能干的事, 用户的任何信息其实都能搞到的
Forwarded from Deleted Account
[zerons] 一台裸机, 里面有个RING-3的MINIX, 没有用户还是什么都干不了. 用户能操作也就RING0-3这些.
Forwarded from Deleted Account
[niconiconi] zerons: 但区别就是,Ring 3 的攻击你可以检测出来,Ring 0 的攻击和你平级,原则上也可以加固系统降低攻击面,也可以审计出来;< Ring 0 的攻击完全在内核的控制范围之外
Forwarded from Deleted Account
[niconiconi] 入侵者是从更高维度的空间对你发起打击的,你毫无任何办法,可以参考科幻小说
Forwarded from Deleted Account
[zerons] 但是之前对硬盘的固件是进行过处理的, 所以对那个固件的操作的影响还算比较清楚
Forwarded from Deleted Account
[niconiconi] zerons: 可以先看看以前基于 Ring -2 的研究 https://it.slashdot.org/story/15/08/07/1127222/researcher-exploits-18-year-old-design-flaw-to-compromise-x86-chips/
it.slashdot.org
Researcher Exploits 18-Year-Old Design Flaw To Compromise X86 Chips
jfruh writes: Security researcher Christopher Domas has demonstrated a method of installing a rootkit in a PC's firmware that exploits a feature built into every x86 chip manufactured since 1997. The rootkit infects the processor's System Management Mode…
Forwarded from Deleted Account
[niconiconi] zerons: 先看看 SMM / Ring -2 上的攻击者能做什么
Forwarded from Deleted Account
[niconiconi] > The rootkit infects the processor's System Management Mode, and could be used to wipe the UEFI or even to re-infect the OS after a clean install.