farazsth98/hypervisor_research_notes farazsth98/hypervisor_research_notes

  • Stars
    star
    134
  • Rank 270,967 (Top 6 %)
  • Language
    C
  • Created over 3 years ago
  • Updated over 3 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
farazsth98/hypervisor_research_notes
github

farazsth98

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Some hypervisor research notes. There is also a useful exploit template that you can use to verify / falsify any assumptions you may make while auditing code, and for exploit development.

Introduction

Over the past few weeks, I've been doing some hypervisor research here and there, with most of my focus being on PCI device emulation code within Virtualbox and QEMU. While doing this research, I've learned quite a few tricks that help a lot when writing proof of concepts to verify / falsify any assumptions you may have about a certain bit of code. They're also very useful in general when writing exploits.

This repo is meant to aggregate all of these tips and tricks in one place, and will hopefully be kept updated by me (or you!).

Contents

Useful links

  1. A full e1000 exploit in an LKM - https://github.com/cchochoy/e1000_fake_driver/
  2. Qemu VM Escape Case Study - http://phrack.org/papers/vm-escape-qemu-case-study.html

More Repositories

1

real-world-ethereum-hacks-remastered

Solidity
24
star
2

CTF

CTF solve scripts. Some writeups on my blog, others on my gist. Check the challenge directories for links.
Python
7
star
3

freebsd-dirent-info-leak-bugs

Some FreeBSD info leak bugs I found in 2020.
C
5
star
4

my-presentations

All my presentations
Python
5
star
5

picoctf-2019-pwn-challenges

My first foray into heap exploitation
Python
4
star
6

nday-pocs

PoCs for N-days I've analysed
JavaScript
3
star
7

damn-vulnerable-defi

Solidity
3
star
8

rop-emporium-solutions

A repository of all rop-emporium problems and their solutions
Python
3
star
9

ids-pcap-analysis

IDS stuff
2
star
10

ctf-pwntools-skeleton

An initial skeleton script I use for all my binary exploit scripts
Python
1
star
11

firefaith

As I am currently learning Rust, I thought an interesting project would be to create a VM for my own implementation of an assembly language that looks very similar to x86_64. Inspired by https://blog.subnetzero.io/post/building-language-vm-part-00/
Rust
1
star
12

scoping-tool

VS Code extension to help with scoping out audits. Unfinished.
TypeScript
1
star