POSTED BY: census / 01.10.2018

Microsoft BlueHat v18

CENSUS participated in the Microsoft BlueHat v18 Security Conference with a presentation on a VMware guest-to-host escape methodology. The presentation was delivered by CENSUS researcher Zisis Sialveras and was entitled "Straight Outta VMware: Modern exploitation of the SVGA device for guest-to-host escapes".

Zisis demonstrated a set of exploitation primitives that could be used to escape from a guest virtualization environment to the host environment. The exploitation methodology was based on the exploitation of bugs in the SVGA subsystem of the VMware workstation virtualization technology. The host and guest environments used were running the Microsoft Windows 10 Professional operating system. The presentation also provided a quick evaluation of the effectiveness of proactive protections present in the VMware software and the Microsoft Windows host environment.

CENSUS would like to thank the organizers for participating in this great event.