TyphoonCon

Exploiting preauth RCE and Sandbox escape vulnerabilities in ESXi

Talk overview:

VMware ESXi, also called VMware ESXi Server, is a bare-metal hypervisor developed by VMware for vSphere. ESXi is one of the primary components in the VMware infrastructure software suite. It's the industry leader for efficient architecture, setting the standard for reliability, performance, and support. SLPD is a system service of ESXi that is available before authentication, runs with root privilege after ESXi 5.5, and is enabled by default before ESXi 7.0 U2c. Attackers have been reported to target multiple vulnerabilities in ESXi SLPD, for example in the massive ESXiArgs ransomware attack. By successfully exploiting a vulnerability in SLP, an attacker can get a root shell on ESXi and control all the VMs on it. However, there has been no discussion of how to exploit these vulnerabilities. In this presentation, we will talk about multiple SLP vulnerabilities, including preauth RCE and sandbox escape, analyzing their root causes and how to exploit them stably. In the end, we also cover some novel techniques for post-exploitation on ESXi.
