Cool-Y.github.io/content.json

{"meta":{"title":"混元霹雳手","subtitle":null,"description":"没人比我更懂中医#MAGA","author":"Cool-Y","url":"https://cool-y.github.io","root":"/"},"pages":[{"title":"","date":"2019-04-15T07:35:38.084Z","updated":"2019-04-15T07:35:38.084Z","comments":true,"path":"baidu_verify_4WtqA1rZRc.html","permalink":"https://cool-y.github.io/baidu_verify_4WtqA1rZRc.html","excerpt":"","text":"4WtqA1rZRc"},{"title":"","date":"2019-04-15T07:35:38.085Z","updated":"2019-04-15T07:35:38.085Z","comments":true,"path":"googleacf4df440b4becc4.html","permalink":"https://cool-y.github.io/googleacf4df440b4becc4.html","excerpt":"","text":"google-site-verification: googleacf4df440b4becc4.html"},{"title":"关于我","date":"2019-03-17T10:55:11.000Z","updated":"2019-04-15T07:35:38.083Z","comments":false,"path":"about/index.html","permalink":"https://cool-y.github.io/about/index.html","excerpt":"","text":"一只想成为hacker的菜鸡的随笔自称混元霹雳手本科毕业于成都七中附属大学，EE专业现于街道口樱花大学攻读IS硕士偶尔分享踩过的坑以及一些乱七八糟的想法欢迎交流~"},{"title":"文章分类","date":"2019-03-16T09:42:42.000Z","updated":"2019-04-15T07:35:38.085Z","comments":false,"path":"categories/index.html","permalink":"https://cool-y.github.io/categories/index.html","excerpt":"","text":""},{"title":"","date":"2019-03-28T05:39:07.000Z","updated":"2019-07-01T12:29:27.676Z","comments":false,"path":"bookmarks/index.html","permalink":"https://cool-y.github.io/bookmarks/index.html","excerpt":"","text":"将常用的一些网站汇总在此，便于浏览和查询 安全博客 360核心安全技术博客 &nbsp;phrake &nbsp; Sec-WIKI &nbsp; 绿盟科技 论坛 看雪 &nbsp;Paper&nbsp; XDA&nbsp; FreeBuf&nbsp; 安全客&nbsp; 吾爱破解&nbsp; 吾爱漏洞&nbsp; 漏洞银行exploit-db CTF CTF领域指南&nbsp; pwnhub&nbsp; 乌云知识库&nbsp; ctf维基&nbsp; pwn台湾&nbsp; pwn韩国 技能学习 思否 iot 智能家居百科&nbsp; HomeAssistant&nbsp; HomeBridge 编程 codeforces&nbsp; leetcode 工具 mitmproxy&nbsp; msfvenom&nbsp; shellphish&nbsp; KALItools&nbsp;valgrind-内存泄露扫描利器 资源下载 Emoji表情&nbsp; Apk镜像 服务提供 云图片存储&nbsp; shodan"},{"title":"","date":"2019-08-08T12:35:31.000Z","updated":"2019-08-08T12:45:11.098Z","comments":false,"path":"hack之外/index.html","permalink":"https://cool-y.github.io/hack之外/index.html","excerpt":"","text":""},{"title":"文章标签","date":"2019-03-16T09:37:34.000Z","updated":"2019-04-15T07:35:38.085Z","comments":false,"path":"tags/index.html","permalink":"https://cool-y.github.io/tags/index.html","excerpt":"","text":""}],"posts":[{"title":"VM escape-QEMU Case Study","slug":"vm-escape1","date":"2021-04-10T10:25:46.000Z","updated":"2021-04-10T11:17:09.903Z","comments":true,"path":"2021/04/10/vm-escape1/","link":"","permalink":"https://cool-y.github.io/2021/04/10/vm-escape1/","excerpt":"","text":"1 Intro如今，虚拟机已大量部署以供个人使用或在企业细分市场中使用。 网络安全供应商使用不同的VM在受控和受限的环境中分析恶意软件。 一个自然的问题出现了：恶意软件能否从虚拟机中逃脱并在主机上执行代码？ 2015年，来自CrowdStrike的Jason Geffner报告了QEMU中的一个严重错误（CVE-2015-3456），该错误影响了虚拟软盘驱动器代码，这可能使攻击者从VM逃脱到主机。 此漏洞在netsec社区中引起了极大的关注，可能是因为它有一个专用名（VENOM），这并不是第一个此类漏洞。 2011年，Nelson Elhage在Blackhat 报告并成功利用了QEMU模拟PCI设备热插拔中的漏洞。 2016年，来自奇虎360的刘旭和王胜平在HITB 2016上展示了对KVM / QEMU的成功利用。 他们利用了两个不同的网卡设备仿真器模型RTL8139和PCNET中存在的两个漏洞（CVE-2015-5165和CVE-2015-7504）。 在他们的演讲中，他们概述了在主机上执行代码的主要步骤，但没有提供任何利用，也没有提供再现它的技术细节。 在本文中<EFBFBD><EFBFBD>