Overview
Explore advanced exploitation techniques for Xen Hypervisor VM escape in this 44-minute conference talk from the Hack In The Box Security Conference. Delve into the implementation of the widely-used Xen virtualization platform, focusing on critical vulnerabilities that could compromise host machine security. Learn about the XSA-148/CVE-2015-7825 vulnerability, Xen Hypervisor internals, exploitation vectors in Xen environments, and practical VM escape techniques. Gain insights into previously undisclosed runtime details, methods to bypass Xen security mechanisms, and real-world examples of achieving Dom0/DomN root shells. Discover how these exploitation techniques can be applied to other similar vulnerabilities, enhancing your understanding of virtualization security research and improving cloud service provider security measures.
Syllabus
#HITB2016AMS D2T2 - Advanced Exploitation: Xen Hypervisor VM Escape - Shangcong Luan
Taught by
Hack In The Box Security Conference