
Exploiting the Hyper-V IDE Emulator to Escape the Virtual Machine

Black Hat via YouTube

Overview

Examine a powerful vulnerability in Hyper-V's emulated storage component and learn how it was exploited on Windows Server 2012 R2 in this 50-minute Black Hat conference talk. Explore the bug's discovery, constraints, and memory layout before watching a live demonstration. Delve into various exploitation techniques, including attempts on Windows 10 1709, RPC server calls, and memory copy gadgets. Analyze the raw payload and its demo, followed by insights into the VM Worker process. Conclude with lessons on language safety, bug elimination, and virtualization sandboxing in this exploration of Hyper-V security.

Syllabus

Intro
The story of the vulnerability
The bug
Constraints
Memory Layout
Demo
Windows 10 1709
Ideas
First Attempt
VideoDirtListener
Looping in Direct Caller
RPC Server Call2
MemCopy Gadget
Strategy
Raw payload
Raw payload demo
Second payload
VM Worker
Lessons Learned
Language Safety
Bug Elimination
Virtualization Sandbox
Outro

Taught by

Black Hat
