Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Bug Hunting in VMware Device Virtualization - A Dragon Slaying Guide

Hack In The Box Security Conference via YouTube

Overview

Explore a comprehensive conference talk from Hack In The Box Security Conference that delves into vulnerability research within VMware's device virtualization system. Learn about a newly discovered attack surface in VMKernel's device virtualization, an area previously unexplored by security researchers and not covered by VMware's defense systems. Discover how researchers uncovered 8 vulnerabilities, including 3 with CVE assignments and 5 confirmed by VMware, through detailed analysis of VMware virtualization components, USB virtualization bug hunting, and SCSI virtualization investigations. Gain insights into the loading process of vmm, data sharing mechanisms between vmm and vmx, UserRPC implementation, and security issues across USB system components including host controller, VUsb middleware, and backend devices. Understand the distinctions between SCSI-related device emulation in VMware Workstation and ESXi, along with design flaws in VMKernel's disk device emulation. Presented by a team of accomplished security researchers from QI-ANXIN Group's TianGong Team, who bring extensive experience in IoT and virtualization security research, with successful exploits demonstrated at various security competitions and conferences.

Syllabus

#HITB2024BKK D1 - Dragon Slaying Guide: Bug Hunting In VMware Device Virtualization

Taught by

Hack In The Box Security Conference

Reviews

Start your review of Bug Hunting in VMware Device Virtualization - A Dragon Slaying Guide

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.