BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//talks.toorcon.net//toorcon-2021//talk//UQ7RVJ
BEGIN:VTIMEZONE
TZID:PST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T100000Z
TZNAME:PST
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:PST
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T110000Z
TZNAME:PDT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:PDT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-toorcon-2021-UQ7RVJ@talks.toorcon.net
DTSTART;TZID=PST:20211012T160000
DTEND;TZID=PST:20211012T165000
DESCRIPTION:You can use your favorite system monitoring drivers to gain cod
 e execution in the kernel by writing to a single register. \n\nModel Speci
 fic Registers (MSRs) are little known outside of Kernel developer circles.
  Even among kernel hackers\, the use of each register is not well known\, 
 with several registers being either partially or fully undocumented. This 
 has led to a proliferation of low quality kernel mode drivers that expose 
 primitives to read and write to these registers. While writing to a single
  register is seldom cause for celebration by the exploit developer\, in se
 veral instances an understanding of these registers can lead kernel remote
  code execution allowing for privilege escalation. This talk will explore 
 the purpose of these special registers\, how we can use them to get kernel
  code execution\, and how developers should be protecting themselves from 
 these attacks.
DTSTAMP:20260314T231606Z
LOCATION:The Point
SUMMARY:Making Mischief with Machine Specific Register Based Exploits - Joh
 n D Dunlap
URL:https://talks.toorcon.net/toorcon-2021/talk/UQ7RVJ/
END:VEVENT
END:VCALENDAR