In this blog post we'll see a technique to gain code execution in SMM from a very limited write primitive.

This blogpost briefly presents the Windows Notification Facility and provides a write-up for a nice exercise that was given by Bruce Dang during his workshop at Recon Montreal 2018.