Recently Immunity researcher Kostya Kortchinsky has exploited a serious vulnerability in VMWare's hypervisor that allows Guest to Host escaping. During this presentation Kostya will explain the vulnerability primitives, how to combine these primitives into a reliable exploit that bypasses EP/ASLR, how to make that exploit reliable across Linux, Windows XP, and Windows Vista, and how to obtain post-exploitation control of the host without any network access. This extremely technical talk will delve into the detailed workings of a highly complex exploit and discuss the development process in a rare level of depth.