Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

FreeBSD Bhyve Virtualization Escape - 260

Maxime Villard, posted 5 years ago
  • Bhyve is a hypervisor that can be used on Intel and AMD chips in order to run virtual machines. It is exclusive to BSD.
  • Even though I am not familiar with how virtualization works, the bug is pretty simple. AMD chips (and likely Intel, though the post does not say so directly) have a number of instructions that act directly on the host's physical addresses. These instructions should be trapped (intercepted) by the hypervisor, but they are not.
  • The instructions VMLOAD, VMSAVE and SKINIT are the ones that are not being intercepted. This can allow for a write-what-where primitive on the VM host (with some restrictions).
  • The author puts in a teaser for a super easy way to get code execution, but does not actually include it. There is a little more information on Twitter, though.