Guest Revolution: Chaining 3-bugs to compromise the Windows kernel from the VMware guest

In this presentation, we will showcase our VMware full-chain exploitation, including a Windows Kernel Elevation of Privilege, as demonstrated at Pwn2Own 2024. First, we’ll provide an in-depth analysis of two VMware vulnerabilities, explain how we exploited them, and introduce tips and techniques for targeting VMware in the latest Windows guest and host environments. Next, we will delve into a Windows Kernel Elevation of Privilege vulnerability, introducing new exploitation primitives capable of overcoming the latest mitigations in Windows 24H2. Finally, we’ll demonstrate how these exploits were chained together for a comprehensive attack, concluding with key insights and the future implications of our work.

By: Junoh Lee & Gwangun Jung

Full Abstract and Presentation Materials:
https://www.blackhat.com/eu-24/briefings/schedule/#guest-revolution-chaining-3-bugs-to-compromise-the-windows-kernel-from-the-vmware-guest-42293