Brian Gorenc and Abdul-Aziz Hariri

Virtual machines play a crucial role in modern computing. They are often used to isolate multiple customers with instances on the same physical server. Virtual machines are also used by researchers and security practitioners to isolate potentially harmful code for analysis and review.

Virtual machines are often assumed to securely contain and isolate potentially malicious code; however, this assumption is known to be incorrect.

Over the past year, the Zero Day Initiative (ZDI) program has begun to see submissions targeting VMware Workstation and Fusion that result in guest-to-host escapes. Additionally, at the Pwn2Own 2017 competition earlier this year, two separate teams managed to exploit a guest operating system, escape the virtual environment, and execute code on the host operating system. This represents the first time such a VMware escape was demonstrated at the contest and earned the contestants the highest cash prizes of the competition.

Brian and Abdul-Aziz's "L'art de l’Évasion: Modern VMWare Exploitation Techniques" will dive deep into modern exploitation techniques of VMware vulnerabilities.

 

Brian Gorenc is the Director of Vulnerability Research with Trend Micro. In this role, Gorenc leads the Zero Day Initiative (ZDI) program, which represents the world’s largest vendor-agnostic bug bounty program. His focus includes analyzing and performing root-cause analysis on hundreds of zero-day vulnerabilities submitted by ZDI researchers from around the world. The ZDI works to expose and remediate weaknesses in the world’s most popular software. Brian is also responsible for organizing and adjudicating the ever-popular Pwn2Own hacking competitions. 

Gorenc has been with ZDI since 2012, continually working on discovering new vulnerabilities, analyzing attack techniques, and identifying vulnerability trends. His work has led to the discovery and remediation of numerous critical vulnerabilities in Microsoft, Adobe, Oracle, open-source, SCADA systems, and embedded devices. He has presented at numerous security conferences such as Black Hat, DEF CON, Breakpoint, Ruxcon, PacSec, REcon and RSA. More recently, Brian led the team that was awarded the Microsoft Mitigation Bypass Bounty and Blue Hat Bonus for Defense bounty, which resulted in $125,000 being donated to STEM programs. During his leadership, the Zero Day Initiative program coordinated the disclosure of over 3500 zero-day vulnerabilities. 

Prior to joining Trend Micro, Gorenc worked for Lockheed Martin on the F-35 Joint Strike Fighter (JSF) program. In this role, he led the development effort on the Information Assurance (IA) products in the JSF’s mission planning environment. In addition to degrees from Southern Methodist University and Texas A&M, Brian holds multiple certifications including (ISC)2's CISSP and CSSLP.

 

Abdul-Aziz Hariri is a security researcher with the Zero Day Initiative program. In this role, Hariri analyzes and performs root-cause analysis on hundreds of vulnerabilities submitted to the Zero Day Initiative (ZDI) program, which is the world's largest vendor-agnostic bug bounty program. His focus includes performing root-cause analysis, fuzzing and exploit development. Prior to joining ZDI, Hariri worked as an independent security researcher and threat analyst for the Morgan Stanley emergency response team.

During his time as an independent researcher, he was profiled by Wired magazine in their 2012 article, "Portrait of a Full-Time Bug Hunter". In 2015, Abdul was part of the research team that submitted "Breaking Silent Mitigations - Gaining code execution on Isolated Heap and MemoryProtection hardened Internet Explorer" to the Microsoft bounty program. Their submission netted the highest payout to date from the Microsoft bounty program, with the proceeds going to many STEM organizations.