The presentation discusses the process of reverse engineering a RISC architecture and finding vulnerabilities that allow for privilege escalation.
- The speaker used fuzzing to gather data on the RISC architecture and found vulnerabilities that allowed for privilege escalation.
- The vulnerabilities allowed ring 0 data to be accessed from ring 3.
- The speaker demonstrated a payload that elevated the current process to root permissions.
- The process of reverse engineering and finding vulnerabilities was laborious but yielded exciting results.
The speaker used a setup of seven systems hooked up to a master system to perform the fuzzing tasks and record results for offline analysis. Relays attached to the systems were used to reboot targets that became corrupted during fuzzing. After collecting 13-15 gigabytes of logs across 2.3 million different state disks, for about 4,000 total hours of computer time, the speaker sifted through the logs and found the vulnerabilities that allowed for privilege escalation.
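The master/worker rig described above follows a common pattern: a controller hands out work, collects per-probe results, and uses a watchdog to power-cycle any target that stops responding, with the real analysis done offline over the accumulated logs. The following is an added illustration of that pattern in Python and is not code from the talk; the worker names, heartbeat timeout, log line format (`probe=... ring=... outcome=...`) and the `relay_reset` callback are all assumptions made for the example, and the sample log lines are constructed.

```python
"""Toy model of a master-controlled fuzzing rig with relay-based target reset
and offline log triage. Added example; all names and formats are assumed."""
from collections import Counter
from dataclasses import dataclass, field

# Assumed: seconds of silence before the master treats a target as wedged.
HEARTBEAT_TIMEOUT_S = 30.0


@dataclass
class Worker:
    name: str
    last_heartbeat: float
    resets: int = 0
    results: list = field(default_factory=list)


class Master:
    """Tracks worker liveness, stores results, and reboots stale targets."""

    def __init__(self, worker_names, relay_reset):
        # relay_reset(name) would toggle the relay for that target in a real rig;
        # here it is whatever callable the caller supplies (a list append below).
        self.workers = {n: Worker(n, last_heartbeat=0.0) for n in worker_names}
        self.relay_reset = relay_reset

    def heartbeat(self, name, now):
        self.workers[name].last_heartbeat = now

    def record(self, name, now, line):
        """A result line from a worker also counts as a heartbeat."""
        self.heartbeat(name, now)
        self.workers[name].results.append(line)

    def watchdog(self, now):
        """Power-cycle every target whose heartbeat is stale; return their names."""
        reset = []
        for w in self.workers.values():
            if now - w.last_heartbeat > HEARTBEAT_TIMEOUT_S:
                self.relay_reset(w.name)
                w.resets += 1
                w.last_heartbeat = now  # fresh grace period after reboot
                reset.append(w.name)
        return reset

    def all_results(self):
        return [r for w in self.workers.values() for r in w.results]


def parse_line(line):
    """Constructed log format: 'probe=<hex> ring=<n> outcome=<ok|fault|hang>'."""
    return dict(kv.split("=", 1) for kv in line.split())


def triage(lines):
    """Offline sift: count (ring, outcome) pairs and list probes that did not
    complete normally, so the interesting cases can be examined by hand."""
    counts = Counter()
    anomalies = set()
    for line in lines:
        rec = parse_line(line)
        counts[(rec["ring"], rec["outcome"])] += 1
        if rec["outcome"] != "ok":
            anomalies.add(rec["probe"])
    return counts, sorted(anomalies)


def demo():
    """Run a short simulated campaign and return what the master observed."""
    resets = []  # stands in for relay actuation
    m = Master(["w1", "w2", "w3"], relay_reset=resets.append)
    m.record("w1", 20.0, "probe=0f3f ring=3 outcome=ok")
    m.record("w2", 25.0, "probe=0f3f ring=3 outcome=fault")
    m.heartbeat("w3", 3.0)  # w3 then goes silent: a corrupted target
    rebooted = m.watchdog(40.0)  # only w3 exceeds the timeout
    counts, anomalies = triage(m.all_results())
    return {"rebooted": rebooted, "relay_log": resets,
            "counts": counts, "anomalies": anomalies,
            "w3_resets": m.workers["w3"].resets}


if __name__ == "__main__":
    print(demo())
```

The watchdog resets `last_heartbeat` after a reboot so a freshly power-cycled target is not reset again on the next tick before it has had time to come back up; in the real rig the per-worker reset counter is also useful offline, since a probe that repeatedly wedges the same target is itself a signal worth examining.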