Out of the (v)Box

Presented at ekoparty 14 (2018), Sept. 26, 2018, 4 p.m. (50 minutes)

Widely used virtualization software, such as Oracle VirtualBox, allows the isolated execution of different "guest" operating systems on a "host" operating system. When the "guest" operating system requires hardware resources, VirtualBox provides communication channels to the host to meet those requests. It's extremely interesting to be able to analyze the different communication protocols and the access control applied to these channels. This talk presents my experience in the development of a VM escape in VirtualBox, analyzing reported vulnerabilities in the 3D acceleration components. The talk details the reverse engineering of these components, how the hypervisor processes rendering commands, and the exploitation of the vulnerabilities to achieve a memory leak and a write-what-where that corrupts a buffer object, yielding a stable platform for arbitrary reading and writing that finally ends in code execution on the host. A technical demo of the VM escape exploit will be shown.


Presenters:

  • Josué Rojas
    Started creating assembler cheats for MMORPG online games 10 years ago. He then dedicated himself to unpacking various binary protections, and he has been a CTF player for 4 years in amn3s1a and ID-10-T, in charge of the reversing / exploiting category. Currently, he works as an Exploit Writer at Core Security, and during his free time, he impersonates a basketball player to analyze the parabolas created in the trajectory of a ball towards the basket to then improve his pitch percentage.
