Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Bug Hunting in VMware Device Virtualization - Security Vulnerabilities and Attack Surfaces

DEFCONConference via YouTube

Overview

Explore a groundbreaking security presentation that reveals a previously unexplored attack surface in VMware's Device Virtualization within VMKernel. Discover eight newly identified vulnerabilities, including three CVE-assigned issues and five VMware-confirmed security flaws, some of which were successfully exploited in the Tianfu Cup. Learn about the intricate loading process of vmm, data sharing mechanisms between vmm and vmx, and VMware's UserRPC communication system between the Hypervisor and Host. Examine security vulnerabilities across the USB system, including the host controller, VUsb middleware, and VUsb backend devices. Compare and contrast SCSI-related device emulation in virtual disk systems between VMware Workstation and ESXi, while understanding critical design flaws in VMKernel's disk device emulation implementation.

Syllabus

DEF CON 32 - Bug Hunting In VMware Device Virtualization - JiaQing Huang, Hao Zheng, Yue Liu

Taught by

DEFCONConference

Reviews

Start your review of Bug Hunting in VMware Device Virtualization - Security Vulnerabilities and Attack Surfaces

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.