【直击HITB】虚拟机逃逸的“挖洞秘籍”

  • A+
所属分类:安全文章

微信又改版了,为了我们能一直相见

你的加星在看对我们非常重要

点击“长亭安全课堂”——主页右上角——设为星标🌟

期待与你的每次见面~


5月27日-28日,当今世界范围影响力最大的安全会议之一:HITB拉开知识的帷幕,以知识的免费分享传播知名的HITB一直都以满满干货和硬核演讲吸引着全球热衷技术的小伙伴。在今年的会议上,长亭科技也有两位师傅中选议题,分别就虚拟机逃逸漏洞挖掘与利用分享最新的研究思路。下面就带各位小伙伴直达HITB盛会,来看看如何精彩逃逸吧。


陈楠


长亭科技安全服务中心

Hack Out of The Box: Discovering 10+ Vulnerabilities in VirtualBox


This talk presents how we found some vulnerabilities in VirtualBox. In particular, we designed a special fuzzer for the virtualbox, which effectively found 10+ vulnerabilities.

We will introduce the design idea and implement skills used in the fuzzer, and disclose the details of some vulnerabilities. We will introduce in detail how to exploit these vulnerabilities, including some new exploit primitives. Finally , We will demonstrate the exploit of box escpae.

一句话推荐:你见过这样批量挖漏洞的吗?



张焱宇(flyyy)


长亭科技安全服务中心

A QEMU Black Box Escape via USB Device


In this paper, we briefly introduce the Qemu-KVM architecture at first, then we propose the new concept of a black box escape. After an in-depth analysis of CVE-2020-14364, we present our approach to achieving a black box escape of a QEMU virtual machine.

一句话推荐:OMG,是flyyy大神,看他看他!


对虚拟机逃逸逃逸感兴趣的小伙伴,欢迎留言和两位师傅讨论哦~


【直击HITB】虚拟机逃逸的“挖洞秘籍”
点分享
【直击HITB】虚拟机逃逸的“挖洞秘籍”
点收藏
【直击HITB】虚拟机逃逸的“挖洞秘籍”
点点赞
【直击HITB】虚拟机逃逸的“挖洞秘籍”
点在看

本文始发于微信公众号(长亭安全课堂):【直击HITB】虚拟机逃逸的“挖洞秘籍”

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: