This year again, we participated at Pwn2Own, which was held for the first time in Berlin during the amazing Offensive Con.
On Saturday, May 18th, the last day of the contest, we showcased an exploitation chain leveraging multiple vulnerabilities in VMware ESXi.
Starting from a controlled virtual machine, we demonstrated a virtual machine escape and executed arbitrary code on the host.
Thanks again to Trend Micro Zero Day Initiative for the amazing event, we are now waiting for VMware patches before releasing more technical details on the vulnerabilities and exploits.