Pwn2Own 2021 Vancouver: My Solo Hypervisor Escape Breakthrough

March 20th, 2024 – Alisa

In April 2021, I participated in the Pwn2Own Vancouver competition as an independent solo entrant and successfully demonstrated a zero-day virtual machine escape against the Parallels hypervisor - a target worth $40,000 cash bounty [1].

This post documents the event, releases the exploit source code, and provides a full technical walkthrough video. But more importantly, it seals the historical record.

The Exploit

The vulnerability was located in the Shared Folders subsystem of the Parallels Desktop hypervisor, and the resulting exploit chain achieved a full guest-to-host escape — executing code on the host from within the guest VM. The exploit had to be quite complicated: it pivoted from a Linux kernel module to a reverse-engineered implementation of the Shared Folders protocol in order to deliver the payload through the hypercall interface. I was able to achieve 100% reliability of the exploit, partly by finding a rare logic bug in the hypervisor internals and partly by following systematic exploit engineering principles (which are now part of my training programs).

Hypervisor escapes are considered one of the most challenging exploit classes, especially when delivered as a zero-day exploit. They are universally recognized as a strong technical accomplishment, regardless of the attack vector. I am proud of having been able to elevate my skills beyond my first attempts with VirtualBox and show a live exploit against a complex binary hypervisor.

The exploit was executed remotely by Pwn2Own staff under controlled conditions, while I oversaw the launch via remote video link.

Live demonstration record of Alisa's exploit at Pwn2Own 2021

Archived public acknowledgment by Zero Day Initiative (ZDI)

Confirmation by Dragos Ruiu, Pwn2Own founder

Exploit executed by Abdul Aziz Hariri, Pwn2Own operations lead

What Actually Happened

• The exploit was fully functional and achieved its intended impact of executing my shellcode on the host macOS system.
• It worked by breaking hypervisor isolation to pivot from inside an up-to-date Parallels virtual machine to the Parallels hypervisor process on the host.
• The vulnerability I used, while internally known to Parallels, was unpatched and undisclosed at the time of the contest.
• The contest organizers applied the label “partial win” because of the contest rule that penalized exploits if the vendor was privately aware of the security issue.

The cybersecurity community responded with strong criticism of that rule. Some prominent figures also criticized dismissive takes from the contest organizer, whose entry success report tweet emphasized "ascii art" instead of clearly stating the actual exploit impact: a 0-day VM escape.

My breakthrough was covered by independent media outlets (1, 2, 3, 4).

I received the cash bounty – partial, as per the above rule – and invested it into development of Zero Day Engineering training programs.

The Historical Threshold

This event marked the first ever female participation in the 17-year history of Pwn2Own, and the first technically complete 0-day VM escape by a woman on record.

In a field where female technical presence remains a rarity and everybody is campaigning to "get more women into it", I came in and showed my work. Not to prove anything — but as a side effect of being myself. Not as an emerging trend — as a breakthrough. That presence is now imprinted into the timeline: visible, undeniable, and earned without compromise.

Without downplaying my gender-specific breakthrough, I have to admit that I never aimed to be the first woman in anything. My values of excellence are universal, and my work targets cutting-edge technical challenges – not token awards. Today I keep advancing alongside the best minds in the field, defined neither by gender nor by contests.

Code and Training

I’m releasing the exploit source code here: Exploit source code

And the full technical walkthrough video: Technical walkthrough video Slides

If you’re serious about hypervisors and want to go beyond this single bug, get my pro training:

• Hypervisor Vulnerability Research

This is the most comprehensive hypervisor exploit training program available on the market. Alumni include multiple Pwn2Own winners; a few attendees have found hypervisor security bugs worth $250,000 [1, 2, 3] by directly applying my insights and methodologies.

If you're new and looking to get into zero day hunting and exploit development, start with my Zero Day Vulnerability Research course:

• Zero Day Vulnerability Research

This is the only universal course in the industry built by an actual advanced-level hacker. It doesn't just teach shallow skills like how to spot a buffer overflow; it starts from the mindset, builds up powerful mental models that apply to any research target, and then introduces essential cross-domain skills such as fuzzing, reverse engineering, and vulnerability analysis – so that you're future-proof for decades ahead. While entry-level, the ZDVR course isn't shallow – it includes plenty of cutting-edge insights and tips from my personal experience. And if you want to go deeper than the content offers, take the Complete package, which includes technical support from me personally.

My unique methodology comes from 10+ years of solo research work in multiple high-entry, high-stakes technical fields: hypervisors, browsers, basebands – further refined through the practice of hacking through barriers that few ever get exposed to. That makes my trainings not just technical information but the blueprint of a breakthrough. You can check out public training reviews here.
