Мануал/Книга [BlackHat Asia 2024] Unveiling the Cracks in Virtualization, Mastering the Host System--VMware Workstation Escape

[weaver]

Description

VMware Workstation is used by software developers and network security practitioners. Users can run dangerous programs in it without affecting the host system. However, if these programs can escape, the host system is no longer safe. If APT attack organizations exploit these vulnerabilities to attack these practitioners, it would be a disaster.

Attacks on virtualization often involve virtualization devices. In past public competitions for virtualization escapes, vulnerabilities in devices such as graphics cards, network cards, USB controllers, and Backdoor have been used. In recent years, multiple security vulnerabilities have appeared in USB devices in escape exploits.

In this talk, I will introduce several security vulnerabilities that have appeared in the USB1.1 controller, including those used by the Fluoroacetate team in Pwn2Own 2019, those I used in TianfuCup 2021, and those I used in TianfuCup 2023. Based on the vulnerabilities in TianfuCup 2023, I will describe my complete exploitation process, how I leaked information, how I read and wrote arbitrarily, and how I bypassed Windows' protection mechanisms

blackhat.com/asia-24/briefings/schedule/#unveiling-the-cracks-in-virtualization-mastering-the-host-system--vmware-workstation-escape-36321

slides
i.blackhat.com/Asia-24/Presentations/Asia-24-VictorV-Unveiling-the-Cracks-in-Virtualization-Mastering-the-Host-System.pdf