Description
Last year, in the talk Virtualization from an attacker Point-Of-View, Corentin BAYET presented the attack surface exposed by hypervisors, with a quick analysis of a few known (and patched) bugs.
Earlier this year, the REverse Tactics team participated in Pwn2Own Vancouver 2024 and escaped from VirtualBox during the contest, scoring a full win.
Building on last year's exploration of hypervisor security, this talk focuses specifically on VirtualBox's internals and architecture. The speaker details how he quickly found bugs in the huge code base.
More specifically, this talk details how he conducted his research, how he chose what to focus on, the tools he used, and the mistakes he made.
Additionally, he provides an in-depth analysis of how the exploit was constructed for a real-world escape scenario. This includes the detailed steps and techniques used to bypass VirtualBox's and Windows' mitigations.