In this presentation we demonstrate multiple vulnerabilities in the hardware-emulation functionality of hypervisors. We explain methods, including the fuzzers in the CHIPSEC framework, for finding vulnerabilities in such interfaces, and present details of vulnerabilities in the VirtualBox and QEMU hypervisors. We also demonstrate how emulation issues can be used as a general approach to hypervisor fingerprinting.
Oleksandr Bazhaniuk is a security researcher in the Advanced Threat Research team at Intel. His primary interests are low-level hardware security, BIOS/UEFI security, and automation of binary vulnerability analysis. His work has been presented at many conferences, including Black Hat USA, Hack In The Box, Hackito Ergo Sum, Positive Hack Days, ToorCon, CanSecWest, Troopers, and USENIX. He is also a co-founder of DCUA, the first DEF CON group in Ukraine.