Explore modern exploitation techniques for VMware's virtualization products in this conference talk from the Hack In The Box Security Conference. Dive into practical examples of Workstation and ESXi escapes, including those demonstrated at the Tianfu Cup and GeekPwn in 2018. Learn about vulnerabilities in virtual network cards and discover reliable primitives for spraying the host's heap, arranging heap layout, achieving arbitrary read and write capabilities, and bypassing CFG security mechanisms. Understand how to convert challenging vulnerabilities into stable exploits for arbitrary code execution. Examine an ESXi escape demonstration and discuss recent changes in VMware Workstation. Gain insights from experienced cybersecurity researchers who have won multiple virtualization escape challenges and received acknowledgments from major tech companies for their work in virtualization security.
Breakout Script of the Westworld - Tianwen Tang & Wei Xiao
Hack In The Box Security Conference via YouTube
Overview
Syllabus
#HITBLockdown002 - D1T1 - Breakout Script of the Westworld - Tianwen Tang & Wei Xiao
Taught by
Hack In The Box Security Conference
Related Courses
-
URB Excalibur - New VMware All-Platform VM Escapes
-
The Great Escape of ESXi
-
SeasCoASA - Exploiting A Small Leak In A Great Ship
-
MacOS Security - Escaping The Sandbox & Bypassing TCC
-
Hack Out of the Box - Discovering 10+ Vulnerabilities in VirtualBox
-
Binder - The Bridge To Root - Hongli Han and Mingjian Zhou
