Overview
This course aims to provide fundamental architectural knowledge and resources for security researchers interested in x86 platform misuse. It covers CPU ring privileges, basic research hypervisors, and emerging technologies. The teaching method includes discussing architectural events, technologies, and case studies. The course is intended for security researchers looking to conduct their own research with a focus on research questions rather than setup.
Syllabus
Intro
Architectural Research
Klaus
Privilege Levels
Virtual Memory
CPU Memory
Translation
IDT
EFI
Interrupts
Page Fault
Performance Counters
Branch Tracing
VM Exit
EPT Fault
System Management Mode
Case Study
TLB Split
Memory Access Trap
Thin Hypervisor
Kernel Driver
Bareflank hypervisor
Why Bareflank
LibVMI
SimpleVisor
Linux
UEFI
Puff Library
Outro
Taught by
Cooper