VirtualBox is collapsing: a n-day story

Hi everyone! It’s been a while :) This year I’ve worked on a project for the thesis for my bachelor’s degree regarding hypervisor exploitation. This was my first time looking at hypervisor exploitation, so I decided to start with a known vulnerability without a public exploit available. TL;DR: I managed to write a full exploit for a linux host and a windows host (both using a linux guest OS).

I will present my project at m0leCon 2023 in Turin (December 2nd). Here you can find more details about the conference :) The talk is going to be recorded, I’ll post here the link to the video once it has been released. I can’t wait for next week! :)

Image

Resources

Exploit Demo (Windows Host OS)

Exploit Demo (Linux Host OS)