Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Sponsored by: █ Sparkhost - Hosting Without Compromises! █ Hybrid Performance Web Hosting █ Spark Host Stream Hosting █ Hybrid IRC & IRCd Server Shell Accounts

Cloudburst (Hacking 3D And Breaking Out Of Vmware)

Started by Juza , Apr 22 2010 05:41 AM

Please log in to reply

3 replies to this topic

#1 Juza

Specialist

Sergeant Major
149 posts

Posted 22 April 2010 - 05:41 AM

This is the video of the talk titled "Cloudburst: Hacking 3D (and Breaking Out of VMware)" given by Kostya Kortchinsky at Blackhat 2009. You can download the presentation slides from here.

Virtualization is everywhere, and VMware is a major actor in the domain. A MacOS user running a Windows only application in a Fusion guest. A malware researcher analysing the latest Conficker in a Workstation guest. A big company running a cloud virtualized on some ESX servers. All of them rely on the security offered by the virtualization software, as a breakout would have disastrous consequences.

Yet VMware products include implement a lot of functionality, and as such have a decent chance to include some bugs. CLOUDBURST is the combination of 3 of those found in the virtualized video device (more specifically the 3D code). Combined, these allow a user in a Guest to execute code on the Host. Since the virtualized device code is the same for all the branches of the products, this impacts Workstation, as well as Fusion or ESX. Immunity, Inc. will present the various vulnerabilities and the techniques used to exploit the bug reliably, even on platforms with ASLR or DEP such as Vista SP1. Once exploited, Immunity will demonstrate how to establish MOSDEF between the Host and Guest.

Video

Go to iamjuza.blogspot.com
Follow me twitter.com/iamjuza

^{The true beginning of our end.}