Virtualization technology is fast becoming the backbone of the security strategy for modern computing platforms. Hyper-V, Microsoft's virtualization stack, is no exception and is therefore held to a high security standard, as is demonstrated by its $250,000 public bug bounty program.
As one might expect, Microsoft's own engineers are continually looking for vulnerabilities in the code that makes up their products. Perhaps more unexpectedly, Microsoft also develops exploits for these products in an effort to gain a better understanding of the techniques involved and mitigate them before they can be used against customers. In this talk, we will relate how Microsoft's Offensive Security Research (OSR) team did just that with Hyper-V by discovering CVE-2017-0075, developing relevant and novel exploitation techniques to exploit it, and finally contributing learnings to Hyper-V hardening efforts. The presentation will cover every step of this process in great detail, culminating in a live Hyper-Pwning demonstration.