VMware stands out as one of the most widely used hypervisors, making it a prime target for guest-to-host escape exploits. SVGA is VMware's virtual graphics device that can be used from the guest environment to draw graphics into the monitor. Given its complex nature, SVGA represents a fertile ground for discovering vulnerabilities that facilitate guest-to-host escape exploits.
This presentation offers a personal account of the speaker's journey in tackling the VMware hypervisor. Beginning with a modest background in hypervisors, the speaker recounts their initial foray into this complex target. He shares insights into his process of uncovering bugs, which were previously undisclosed (now patched), and details the journey towards identifying robust primitives essential for crafting guest-to-host escape exploits. Throughout the presentation, the audience will be treated to an in-depth exploration of several discovered bugs, accompanied by a breakdown of the techniques employed to exploit them effectively.
By:
Zisis Sialveras | Computer Security Researcher, CENSUS S.A.
Full Abstract and Presentation Materials:
www.blackhat.c...