LPE in Ring -3 / Intel ME

This talk is about the exploitation of bugs in the ME system component through the IPC mechanism. To escalate our privileges, we have to get arbitrary access to the file system’s objects, bypass the integrity checks of the launched modules and metadata with access rights attributes, and launch a custom module to read/write to the host system’s memory.