[Cryptography] Intel Management Engine pwnd
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed Nov 29 02:03:37 EST 2017
James A. Donald <jamesd at echeque.com> writes:
>But since normal code manages listening on ports, how does the management
>engine do this. How does the management engine hook your tcp-ip stack?
It doesn't hook your network stack, it implements a layer 2 rootkit. Traffic
intended for the ME gets intercepted by the ME before anything at a higher
level sees it. See Arrigo Triulzi's (much more creative) work on doing this
in the NIC, e.g:
http://www.alchemistowl.org/arrigo/Papers/Arrigo-Triulzi-CANSEC10-Project-Maux-III.pdf
Peter.
More information about the cryptography
mailing list