Timekiller: Escape From QEMU/KVM - Exploiting Asynchronous Clock Vulnerabilities
Hack In The Box Security Conference via YouTube
Free courses from frontend to fullstack and AI
Stuck in Tutorial Hell? Learn Backend Dev the Right Way
Overview
Build a Learning Habit
Download Class Central's free printable study calendar
Download for Free
Explore a groundbreaking technique for guest-to-host escape exploitation in QEMU/KVM hypervisors through this 53-minute conference talk from Hack In The Box Security Conference. Discover the "Timekiller" attack approach, which leverages asynchronous clock mechanisms to turn a heap overflow write vulnerability into a powerful exploit. Learn how to transform a malloc-use-free primitive into a malloc primitive and achieve arbitrary address write capabilities. Witness the first public virtual machine escape exploit in the virtio-crypto device, demonstrating how Timekiller can be combined with virtio-crypto device structures to exploit most heap overflow write vulnerabilities in QEMU. Gain insights from a team of skilled researchers who have made significant contributions to system security and virtualization security, including reporting vulnerabilities in KVM, QEMU, and VirtualBox.
Syllabus
#HITB2023HKT D1T2 - Timekiller: Escape From QEMU/KVM - Y. Jia, X. Lei, Yiming Tao, G. Pan & C. Wu
Taught by
Hack In The Box Security Conference