The Great Escape of ESXi
Offered By: media.ccc.de via YouTube
Course Description
Overview
Explore the intricacies of breaking out of a sandboxed virtual machine in this 40-minute conference talk from the 36th Chaos Communication Congress. Delve into the world of VMware ESXi, a bare-metal hypervisor crucial for enterprise-level cloud infrastructure. Discover the challenges of escaping virtual machines in ESXi due to its robust sandbox mechanism, customized filesystem, and kernel. Learn about the fundamentals of the ESXi hypervisor, including its unique bootloader, kernel, filesystem, and virtual devices. Examine attack surfaces in current implementations and uncover security vulnerabilities related to virtual machine escape. Analyze the bugs leveraged in the escape chain, specifically CVE-2018-6981 and CVE-2018-6982, and explore reliable techniques for heap manipulation and arbitrary code execution in the host context. Gain insights into ESXi's sandbox design and the methods used to circumvent it. Witness a full chain escape demonstration on ESXi 6.7, showcasing the first public VMware ESXi escape.
Syllabus
Introduction
Presentation
Overview
Vulnerability
Combining Vulnerability
VMware Tools
Questions
Taught by
media.ccc.de
Related Courses
Breaking VSM by Attacking SecureKernelBlack Hat via YouTube Kernel Exploitation with a File System Fuzzer
Hack In The Box Security Conference via YouTube The Road to iOS Sandbox Escape
Hack In The Box Security Conference via YouTube Exploiting QSEE, The Raelize Way
Hack In The Box Security Conference via YouTube The Best Laid Schemes - Attacking URL Schemes
Hack In The Box Security Conference via YouTube