Korean Rookie Hackers' Journey: Road to Pwn2Own with a VirtualBox Exploit

Han-seo Kim

Hexacon 2025 · Day 2 · Main Stage

This talk, presented by Han-seo Kim, details the remarkable journey of young Korean hackers, specifically Team PrisonBreak, from foundational cybersecurity education to achieving a significant victory at Pwn2Own. The presentation not only illuminates the unique structure and intensity of Korea's cybersecurity training programs but also provides an in-depth technical breakdown of the **VirtualBox vulnerabilities** they discovered and exploited to achieve a **VM escape** to a host operating system. The core of their success lay in identifying and weaponizing an **integer overflow** within the **VGA `RectCopy` function** and an **out-of-bounds write** in the **VirtIO-Net GSO feature**, ultimately leading to **arbitrary read/write primitives** and host code execution.

AI review

A genuinely impressive piece of work from a team of students who had no business being this good this fast. Han-seo Kim and Team PrisonBreak did real exploit research — found two independent VM escape chains in VirtualBox, got one patched before they could use it, pivoted to the other, and still walked away from Pwn2Own with a win. The technical content is solid: integer overflow in VGA RectCopy leading to OOB R/W, creative use of GMR structures for multi-gigabyte heap spray to tame an enormous OOB offset, URB structure abuse for arbitrary R/W primitives, and function pointer overwrite for…
