Advertisement

[Confidence0902] The Glass Cage - Virtualization Security

Claudio Criscione
Security Manager at Google
Nov. 23, 2009
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security

Check these out next

2020-12-21 ISC^2 Suisse Romande speech
2020-12-21 ISC^2 Suisse Romande speech
Luca Bertagnolio
In Cloud We Trust
In Cloud We Trust
Andy Harjanto
Security in windows azure
Security in windows azure
Patriek van Dorp
Automated Security Hardening with OpenStack-Ansible
Automated Security Hardening with OpenStack-Ansible
Major Hayden
Top 6 Practices to Harden Docker Images to Enhance Security
Top 6 Practices to Harden Docker Images to Enhance Security
9 series
Beyond Network Virtualization
Beyond Network Virtualization
Open Networking Summits
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
John Kinsella
The weather ahead: Clouds
The weather ahead: Clouds
zoopster
1 of 42

[Confidence0902] The Glass Cage - Virtualization Security

Nov. 23, 2009
Download to read offline
Technology

The Glass Cage, the presentation I gave at Confidence 2009-02 about virtualization security, detailing various attack patterns to virtualization infrastructures.

Claudio Criscione
Security Manager at Google
Advertisement
Advertisement
Advertisement

Recommended

System Imager.20051215System Imager.20051215
System Imager.20051215guest95b42b589 views36 slides
Real Security in a Virtual EnvironmentReal Security in a Virtual Environment
Real Security in a Virtual EnvironmentMattias Geniar596 views57 slides
The Good The Bad The VirtualThe Good The Bad The Virtual
The Good The Bad The VirtualClaudio Criscione2.8K views48 slides
Virtualizing Testbeds For Fun And ProfitVirtualizing Testbeds For Fun And Profit
Virtualizing Testbeds For Fun And Profitmatthew.maisel498 views35 slides
Stop disabling SELinux!Stop disabling SELinux!
Stop disabling SELinux!Maciej Lasyk11.7K views33 slides
Top Ten Security Considerations when Setting up your OpenNebula CloudTop Ten Security Considerations when Setting up your OpenNebula Cloud
Top Ten Security Considerations when Setting up your OpenNebula CloudNETWAYS3K views15 slides

More Related Content

Slideshows for you(11)

2020-12-21 ISC^2 Suisse Romande speech2020-12-21 ISC^2 Suisse Romande speech
2020-12-21 ISC^2 Suisse Romande speech
Luca Bertagnolio1.2K views
In Cloud We TrustIn Cloud We Trust
In Cloud We Trust
Andy Harjanto1.5K views
Security in windows azureSecurity in windows azure
Security in windows azure
Patriek van Dorp529 views
Automated Security Hardening with OpenStack-AnsibleAutomated Security Hardening with OpenStack-Ansible
Automated Security Hardening with OpenStack-Ansible
Major Hayden9.5K views
Top 6 Practices to Harden Docker Images to Enhance SecurityTop 6 Practices to Harden Docker Images to Enhance Security
Top 6 Practices to Harden Docker Images to Enhance Security
9 series61 views
Beyond Network VirtualizationBeyond Network Virtualization
Beyond Network Virtualization
Open Networking Summits280 views
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
John Kinsella380 views
The weather ahead: CloudsThe weather ahead: Clouds
The weather ahead: Clouds
zoopster407 views
Docker security - OWASP SeasidesDocker security - OWASP Seasides
Docker security - OWASP Seasides
OWASPSeasides51 views
Tekvizyon acronis cyber cloudTekvizyon acronis cyber cloud
Tekvizyon acronis cyber cloud
Tekvizyon Pc Teknoloji Hizmetleri121 views
Cloud-Aided Yocto Build SpeedupCloud-Aided Yocto Build Speedup
Cloud-Aided Yocto Build Speedup
Toradex 191 views

Viewers also liked(6)

Standing on the cloudsStanding on the clouds
Standing on the clouds
Claudio Criscione2.9K views
Introduzione alla computer forensic - acquisizioneIntroduzione alla computer forensic - acquisizione
Introduzione alla computer forensic - acquisizione
Claudio Criscione771 views
Sicurezza della virtualizzazione - SMAU 2009Sicurezza della virtualizzazione - SMAU 2009
Sicurezza della virtualizzazione - SMAU 2009
Claudio Criscione394 views
Virtually Pwned: Hacking VMware [ITA - SMAU10]Virtually Pwned: Hacking VMware [ITA - SMAU10]
Virtually Pwned: Hacking VMware [ITA - SMAU10]
Claudio Criscione753 views
Virtually PwnedVirtually Pwned
Virtually Pwned
Claudio Criscione2.5K views
Defending against Java Deserialization Vulnerabilities Defending against Java Deserialization Vulnerabilities
Defending against Java Deserialization Vulnerabilities
Luca Carettoni17.9K views
Advertisement

Similar to [Confidence0902] The Glass Cage - Virtualization Security(20)

open source virtualizationopen source virtualization
open source virtualization
Kris Buytaert3.4K views
Rootlinux17: An introduction to Xen Project VirtualisationRootlinux17: An introduction to Xen Project Virtualisation
Rootlinux17: An introduction to Xen Project Virtualisation
The Linux Foundation7.7K views
Handout2oHandout2o
Handout2o
Shahbaz Sidhu720 views
There is No Server: Immutable Infrastructure and Serverless ArchitectureThere is No Server: Immutable Infrastructure and Serverless Architecture
There is No Server: Immutable Infrastructure and Serverless Architecture
Sonatype 1.1K views
VirtSec, and the Open Source impactVirtSec, and the Open Source impact
VirtSec, and the Open Source impact
Kris Buytaert1.1K views
Hypervisor Security - OpenStack Summit Hong KongHypervisor Security - OpenStack Summit Hong Kong
Hypervisor Security - OpenStack Summit Hong Kong
Robert Clark1.8K views
LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISORLOAD BALANCING OF APPLICATIONS USING XEN HYPERVISOR
LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISOR
Vanika Kapoor737 views
Attacks and DefencesAttacks and Defences
Attacks and Defences
SensePost1.1K views
Moving to the Cloud with ny times.comMoving to the Cloud with ny times.com
Moving to the Cloud with ny times.com
bgerst191 views
CloudSec , don't forget Security in the Cloud !CloudSec , don't forget Security in the Cloud !
CloudSec , don't forget Security in the Cloud !
Kris Buytaert1.1K views
CSA Presentation 26th May Virtualization securityv2CSA Presentation 26th May Virtualization securityv2
CSA Presentation 26th May Virtualization securityv2
vivekbhat400 views
Usenix Invited TalkUsenix Invited Talk
Usenix Invited Talk
webhostingguy704 views
Virtualization presentationVirtualization presentation
Virtualization presentation
Mangesh Gunjal31.9K views
Docker, Linux Containers, and Security: Does It Add Up?Docker, Linux Containers, and Security: Does It Add Up?
Docker, Linux Containers, and Security: Does It Add Up?
Jérôme Petazzoni9.3K views
A Xen Case StudyA Xen Case Study
A Xen Case Study
Kris Buytaert1.7K views
Virtualization Technology for Test AutomationVirtualization Technology for Test Automation
Virtualization Technology for Test Automation
Iosif Itkin1.3K views
Virtualization Technology for Test AutomationVirtualization Technology for Test Automation
Virtualization Technology for Test Automation
extentconf Tsoy220 views
Kevin wharramKevin wharram
Kevin wharram
Kevin Wharram550 views
VMware Technical Overview (2012)VMware Technical Overview (2012)
VMware Technical Overview (2012)
Steven Aiello611 views
Virtualization securityv2Virtualization securityv2
Virtualization securityv2
vivekbhat854 views

Recently uploaded(20)

University of Engineering and Technology.docxUniversity of Engineering and Technology.docx
University of Engineering and Technology.docx
MuhammadumairKhan740 views
videographyppt.pptxvideographyppt.pptx
videographyppt.pptx
AamirMaqsood80 views
Praveen V CSE technical ppt.pdfPraveen V CSE technical ppt.pdf
Praveen V CSE technical ppt.pdf
Itsmepraveen0 views
在哪里可以办加拿大大学文凭《温哥华社区学院毕业证成绩单仿制》在哪里可以办加拿大大学文凭《温哥华社区学院毕业证成绩单仿制》
在哪里可以办加拿大大学文凭《温哥华社区学院毕业证成绩单仿制》
nukotk0 views
ARDUINO_presentation_by_Bamidele samuel.pptARDUINO_presentation_by_Bamidele samuel.ppt
ARDUINO_presentation_by_Bamidele samuel.ppt
SAMTECH ELECTRONICS CONCEPT 0 views
The Industrialist: Trends & Innovations - May 2023The Industrialist: Trends & Innovations - May 2023
The Industrialist: Trends & Innovations - May 2023
accenture0 views
Wilab-NWDAF-datasheet.pdfWilab-NWDAF-datasheet.pdf
Wilab-NWDAF-datasheet.pdf
FabianToh20 views
STRENGTH OF MATERIAL.pptxSTRENGTH OF MATERIAL.pptx
STRENGTH OF MATERIAL.pptx
MohdMeraj150 views
6+1 Technical Tips for Tech Startups (2023 Edition)6+1 Technical Tips for Tech Startups (2023 Edition)
6+1 Technical Tips for Tech Startups (2023 Edition)
Ahmed Misbah0 views
Chapter Three Motivation.pptxChapter Three Motivation.pptx
Chapter Three Motivation.pptx
YoomifTube0 views
在哪里可以办新西兰大学文凭《奥克兰理工大学毕业证成绩单仿制》在哪里可以办新西兰大学文凭《奥克兰理工大学毕业证成绩单仿制》
在哪里可以办新西兰大学文凭《奥克兰理工大学毕业证成绩单仿制》
nukotk0 views
Blockchain Net Zero Revolution: Transforming Heavy Industries SustainabilityBlockchain Net Zero Revolution: Transforming Heavy Industries Sustainability
Blockchain Net Zero Revolution: Transforming Heavy Industries Sustainability
Mobiloitte Technologies0 views
Delta Energy - Company ProfileDelta Energy - Company Profile
Delta Energy - Company Profile
bilalansari970 views
76075-technology powerpoint presentation ideas.pptx76075-technology powerpoint presentation ideas.pptx
76075-technology powerpoint presentation ideas.pptx
MuhammadumairKhan740 views
Stay Ahead of the Competition: The Advantages of Hiring a Digital Marketing E...Stay Ahead of the Competition: The Advantages of Hiring a Digital Marketing E...
Stay Ahead of the Competition: The Advantages of Hiring a Digital Marketing E...
AlisonTaylor860 views
Akaike Pitch DeckAkaike Pitch Deck
Akaike Pitch Deck
ShilpaRamaswamy30 views
FME:23 for the Enterprise - A Deep Dive into Key New FeaturesFME:23 for the Enterprise - A Deep Dive into Key New Features
FME:23 for the Enterprise - A Deep Dive into Key New Features
Safe Software0 views
Nest.js IntroductionNest.js Introduction
Nest.js Introduction
Takuya Tejima0 views
University of Engineering and Technology.docxUniversity of Engineering and Technology.docx
University of Engineering and Technology.docx
MuhammadumairKhan740 views
How Low-code is enabling Manufacturers to Reduce Costs and Drive Efficiency.pptxHow Low-code is enabling Manufacturers to Reduce Costs and Drive Efficiency.pptx
How Low-code is enabling Manufacturers to Reduce Costs and Drive Efficiency.pptx
RachanaJain200 views
Advertisement

[Confidence0902] The Glass Cage - Virtualization Security

  1. The Glass Cage Virtualization security Claudio Criscione
  2. Claudio Criscione Nibble Security
  3. What is this speech about? Breaking out of the cage vendors are trying to put on your mind!
  4. Virtualization in 3 Minutes Hardware Hypervisor Host Operating System
  5. Design in the virtualization era Mail Server Web Server DNS Server Firewall
  6. The Original Sin Il peccato originale – la sicurezza della virt è uguale a quella fisica The Original Sin The Original Sin
  7. It is very practical to think about the cloud It is not really there! What you have is more systems
  8. If it bleeds...
  9. Hypervisors are running on top of “standard” OS Linux, Windows 2008, Nemesis And they are running services as well!
  10. VMSA-0008-0002.1 Patches Virtual Center: running tomcat 5.5.17 VMSA-0008-0015 Patches remote buffer overflow in openwsman CVE-2007-1321 Heap Overflow in Xen NE2000 network driver Hyper-V SMBv2 anyone?
  11. More than just Hypervisors
  12. There's a whole ecosystem around virtualization Management software Storage managers Patchers Conversion software All of them can be hacked! SN-2009-02 - ToutVirtual VirtualIQ Pro Multiple Vulnerabilities
  13. Client insicuri Client security
  14. The attack surface is quite large SSL Web Services Rendering engines Integration & Plugins Auto-update functionalities
  15. MITM Against Clients? Why not! With or without null byte
  16. /client/clients.xml Requested every time VI client connects to a host <ConfigRoot> <clientConnection id="0000"> <authdPort>902</authdPort> <version>3</version> <patchVersion>3.0.0</patchVersion> <apiVersion>3.1.0</apiVersion> <downloadUrl>https://*/client/VMware- viclient.exe</downloadUrl> </clientConnection> </ConfigRoot>
  17. What if we change that XML? By MitM or Post-exploitation on the host Demo time
  18. Just woke up? Here's what's going on VI Client looks for clients.xml We do some MiTM We use Burp because it rocks and it's easy Change the clients.xml P0wned
  19. Administrative Interface Security Glass windows in the castle
  20. Some of them are even hidden...
  21. ...and some of them are broken.
  22. XEN Center Web Multiple vulnerabilities in the default installation RCE, File inclusion, XSS SN-2009-01 – Alberto Trivero & Claudio Criscione
  23. People were actually using it, over the internet But now it's gone...
  24. VMware Studio A virtual appliance to build other virtual appliances Path traversal leading to unauthenticated arbitrary file upload to any directory SN-2009-03 by Claudio criscione
  25. Virtualization ASsessment TOolkit A toolkit for virtualization penetration testing Currently under development @ Secure Network Metasploit based
  26. Still in early Alpha stage Stable modules: Fingerprinting Brute Forcer VMware Studio Exploiter Let's see them (if we have time!)
  27. Everyone has got some... Ubuntu just launched its Cloud infrastructure It leverages Eucalyptus And we have (at least) an XSS in Eucalytpus
  28. VM hopping VM Hopping
  29. You already knew about that, or at least thought about that It already happened multiple times, e.g. CloudBurst on VMware CVE-2007-1320 on XEN Overflow in Cirrus VGA: see a pattern?
  30. Virtual Appliances Virtual Appliances
  31. Sistemi di monitoraggio Monitoring
  32. Virtual Appliances + Monitoring = Nice Example Astaro virtual firewall
  33. One pre-auth request to the HTTP interface will result in Astaro doing a DNS query We won't get the results, but it's a nice one-way covert channel for any blind attack (tnx ikki) What's most important, no IDS in the network will detect any anomaly. It's all in-memory
  34. Templates
  35. So what
  36. Virtualization Management Review Virtualization Architecture Review And now you know VASTO is coming
  37. What about management issues?
  38. VMSprawl VM Sprawl
  39. Segregation of duties Segregation of duties
  40. Thank you! Claudio Criscione c.criscione@securenetwork.it @paradoxengine
Advertisement