YoVDO

Exploiting the Hyper-V IDE Emulator to Escape the Virtual Machine

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Cybersecurity Courses, Virtualization Courses, Hyper-V Courses, System Security Courses

Course Description

Overview

Examine a powerful vulnerability in Hyper-V's emulated storage component and learn how it was exploited on Windows Server 2012R2 in this 50-minute Black Hat conference talk. Explore the bug's discovery, constraints, and memory layout before witnessing a live demonstration. Delve into various exploitation techniques, including attempts on Windows 10 1709, RPC server calls, and memory copy gadgets. Analyze the raw payload and its demo, followed by insights into the VM Worker process. Conclude with valuable lessons on language safety, bug elimination, and virtualization sandboxing in this comprehensive exploration of Hyper-V security.

Syllabus

Intro
The story of the vulnerability
The bug
Constraints
Memory Layout
Demo
Windows 10 1709
Ideas
First Attempt
VideoDirtListener
Looping in Direct Caller
RPC Server Call2
MemCopy Gadget
Strategy
Raw payload
Raw payload demo
Second payload
VM Worker
Lessons Learned
Language Safety
Bug Elimination
Virtualization Sandbox
Outro


Taught by

Black Hat
