Presented at
DEF CON 33 (2025),
Aug. 8, 2025, 12:30 p.m.
(45 minutes).
Catastrophic hardware failures. From an aging I/O device to cosmic ray bit flips, memory degradation to CPU fires. When an unrecoverable hardware error is detected, the common platform response is to generate a Machine Check Exception, and shut down before the problem gets worse.
In this talk, we'll see what happens when we circumvent all the traditional fail safes. What happens when, instead of exceptionally rare failures from natural causes, we deliberately create these fatal events from software. When instead of a platform shutdown, we force the system to limp along, damaged but alive. We'll show how carefully injecting these signals during privileged CPU operations can disrupt secure transitions, how those disruptions progress to cascading system failures, and how to ride the chaos to gain hardware privilege escalation. Finally, we'll see how to undo the damage, recover from the unrecoverable, and let the system continue as if nothing happened - now with a foothold in privileged space, all through hardware failure events synthesized through software-only attacks.
We'll conclude by showing how to use this vector to reveal all-new hardware vulnerabilities, and walk through a brave new world of machine check research opportunities - for both attackers and defenders - across technologies and architectures.
Presenters:
-
Christopher "xoreaxeaxeax" Domas
Christopher Domas (@xoreaxeaxeax) is a security researcher primarily focused on firmware, hardware, and low level processor exploitation. He is best known for releasing impractical solutions to non-existent problems, including the world's first single instruction C compiler (M/o/Vfuscator), toolchains for generating images in program control flow graphs (REpsych), and Turing-machines in the vi text editor. His more relevant work includes the sandsifter processor fuzzer, rosenbridge backdoor, the binary visualization tool ..cantor.dust.., and the memory sinkhole privilege escalation exploit.
Similar Presentations: