The Great Escape of ESXi

Offered By: media.ccc.de via YouTube

Tags

Conference Talks Courses, Cybersecurity Courses, System Administration Courses, Security Vulnerabilities Courses, VMware ESXi Courses, Arbitrary Code Execution Courses

Course Description

Overview

Explore the intricacies of breaking out of a sandboxed virtual machine in this 40-minute conference talk from the 36th Chaos Communication Congress. Delve into the world of VMware ESXi, a bare-metal hypervisor crucial for enterprise-level cloud infrastructure. Discover the challenges of escaping virtual machines in ESXi due to its robust sandbox mechanism, customized filesystem, and kernel. Learn about the fundamentals of the ESXi hypervisor, including its unique bootloader, kernel, filesystem, and virtual devices. Examine attack surfaces in current implementations and uncover security vulnerabilities related to virtual machine escape. Analyze the bugs leveraged in the escape chain, specifically CVE-2018-6981 and CVE-2018-6982, and explore reliable techniques for heap manipulation and arbitrary code execution in the host context. Gain insights into ESXi's sandbox design and the methods used to circumvent it. Witness a full chain escape demonstration on ESXi 6.7, showcasing the first public VMware ESXi escape.

Syllabus

Introduction
Presentation
Overview
Vulnerability
Combining Vulnerability
VMware Tools
Questions


Taught by

media.ccc.de

Related Courses

Breaking VSM by Attacking SecureKernel (Black Hat via YouTube)
Kernel Exploitation with a File System Fuzzer (Hack In The Box Security Conference via YouTube)
The Road to iOS Sandbox Escape (Hack In The Box Security Conference via YouTube)
Exploiting QSEE, The Raelize Way (Hack In The Box Security Conference via YouTube)
The Best Laid Schemes - Attacking URL Schemes (Hack In The Box Security Conference via YouTube)