Diego Palacios

I earned a Bachelor’s degree in Cybersecurity Engineering from Universidad Rey Juan Carlos, graduating top of my cohort with 23 Honours and an average grade of 9.25/10. I was awarded the Bachelor’s Degree Extraordinary Award.

Currently, I work as a Cybersecurity Researcher at WTW (FINEX Western Europe).

If you’d like to know more about me, feel free to check out my LinkedIn:

About Me (CV)

My Latest Work

• Oracle VM VirtualBox 7.0.10 r158379 Escape
  • In this post, I’ll take you through an in-depth analysis of CVE-2023-22098. We’ll begin by exploring the vulnerability and diving into some Virtio-net internals. Next, I’ll guide you through setting up a debugging environment, and we’ll wrap things up by developing a fully reliable PoC that escapes VirtualBox (it includes an ASLR bypass).
• Quememu Writeup HackOn 2024 CTF
  • In this post, I’ll walk you through an in-depth analysis of one of the challenges I created with a colleague for the HackOn 2024 CTF. It’s a QEMU escape challenge built around a custom device we added. To capture the flag, participants must break out of the QEMU virtual machine and read a file located on the host. This writeup focuses on the vulnerability and the full exploitation process.
• N-day exploit: CVE-2023-22098 (VirtualBox 7.0.10 r158379 Escape)
  • Proof of concept for CVE-2023-22098 discovered by Andy Nguyen.
• N-day exploit: CVE-2023-4911 (Looney Tunables)
  • Proof of concept for CVE-2023-4911 (Looney Tunables) discovered by Qualys Threat Research Unit.
• PWN challenges created for the Hackon CTF 2023 and 2024
  • These challenges were developed alongside a colleague. Some of the challenge topics include:
    • QEMU Escape
    • Slub off-by-one to escape Seccomp
    • TOCTOU
    • Shellcoding