Bug Hunting in VMware Device Virtualization - A Dragon Slaying Guide
Hack In The Box Security Conference via YouTube
Overview
Explore a comprehensive conference talk from Hack In The Box Security Conference that delves into vulnerability research within VMware's device virtualization system. Learn about a newly discovered attack surface in VMKernel's device virtualization, an area previously unexplored by security researchers and not covered by VMware's defense systems. Discover how the researchers uncovered 8 vulnerabilities, including 3 with CVE assignments and 5 confirmed by VMware, through detailed analysis of VMware virtualization components, USB virtualization bug hunting, and SCSI virtualization investigations. Gain insights into the loading process of vmm, the data sharing mechanisms between vmm and vmx, the UserRPC implementation, and security issues across USB system components including the host controller, the VUsb middleware, and backend devices. Understand the distinctions between SCSI-related device emulation in VMware Workstation and ESXi, along with design flaws in VMKernel's disk device emulation. The talk is presented by a team of accomplished security researchers from QI-ANXIN Group's TianGong Team, who bring extensive experience in IoT and virtualization security research and have demonstrated successful exploits at various security competitions and conferences.
Syllabus
#HITB2024BKK D1 - Dragon Slaying Guide: Bug Hunting In VMware Device Virtualization
Taught by
Hack In The Box Security Conference