Breakout Script of the Westworld - Tianwen Tang & Wei Xiao

Explore modern exploitation techniques for VMware's virtualization products in this conference talk from the Hack In The Box Security Conference. Dive into practical examples of Workstation and ESXi escapes, including those demonstrated at the Tianfu Cup and GeekPwn in 2018. Learn about vulnerabilities in virtual network cards and discover reliable primitives for spraying the host's heap, arranging heap layout, achieving arbitrary read and write capabilities, and bypassing CFG security mechanisms. Understand how to convert challenging vulnerabilities into stable exploits for arbitrary code execution. Examine an ESXi escape demonstration and discuss recent changes in VMware Workstation. Gain insights from experienced cybersecurity researchers who have won multiple virtualization escape challenges and received acknowledgments from major tech companies for their work in virtualization security.