Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Advanced DMA Reentrancy Techniques to Escape QEMU

Hack In The Box Security Conference via YouTube

Overview

Explore advanced DMA reentrancy techniques for escaping QEMU in this 49-minute conference talk from the Hack In The Box Security Conference. Delve into the world of DMA MMIO reentrancy issues, a new attack surface that hackers are focusing on due to extensive auditing of normal I/O handler code. Learn about DMA Reflection and DMA Refraction techniques, and discover how to leverage 'vulnerability zombies' to create a new attack approach called DMA Oriented Programming (DMA-OP). Review the research history of DMA MMIO reentrancy issues, understand the prerequisites in detail, and examine real-world vulnerabilities as examples. Gain insights into overcoming exploitation challenges, including a demonstration of a QEMU escape exploit. Explore methods for bypassing patches of fixed DMA vulnerabilities and consider future challenges in DOP research. As a bonus, expect the release of full exploit code for a 0-day QEMU vulnerability and potentially a tool for automatically building DOP-chains on QEMU.

Syllabus

#HITB2023AMS D1T1 - Advanced DMA Reentrancy Techniques To Escape QEMU - A. Wang & Q. Jin

Taught by

Hack In The Box Security Conference

Reviews

Start your review of Advanced DMA Reentrancy Techniques to Escape QEMU

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.