Bug Hunting In VMware Device Virtualization
JiaQing Huang, Hao Zheng, Yue Liu
DEF CON 32 · Day 1 · Main Stage
This talk, "Bug Hunting In VMware Device Virtualization," delivered by JiaQing Huang and Hao Zheng from the Tiangong team at Qianxin Group, offers a comprehensive guide for security researchers looking to delve into VMware virtualization security. The speakers, alongside their team leader Yue Liu, share their journey and methodologies, emphasizing a holistic approach to reverse engineering the entire VMware virtualization architecture rather than solely focusing on individual virtual device code. This perspective is crucial for identifying how guest operating systems can influence and exploit underlying host components.
AI review
This talk from the Qianxin Tiangong team provides a no-nonsense deep dive into VMware virtualization security. Instead of chasing individual device bugs, they lay out a comprehensive architectural approach, dissecting the VMX process, User RPC, and Shared Area mechanisms that underpin VMware Workstation and ESXi. Their methodology, proven by successful escapes and disclosures, offers actionable insights for both offensive researchers and defenders seeking to understand and exploit/harden guest-to-host boundaries. It's a genuine technical contribution that cuts through the usual fluff.