Submit Search
Upload
DEFCON 23 - Etienne Martineau - inter vm data exfiltration
•
0 likes
•
24 views
Felipe Prado
Follow
DEFCON 23 - Etienne Martineau - inter vm data exfiltration
Read less
Read more
Technology
Report
Share
Report
Share
1 of 85
Download now
Download to read offline
Recommended
Основные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASA
Основные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASA
Cisco Russia
Easy vpn
Easy vpn
Hồ Đắc Biên
BEST REST in OpenStack
BEST REST in OpenStack
Vikram G Hosakote
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NAT
Cisco Russia
NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...
NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...
VirtualTech Japan Inc.
Multicast in OpenStack Tips
Multicast in OpenStack Tips
Vikram G Hosakote
CCNA Security - Chapter 4
CCNA Security - Chapter 4
Irsandi Hasan
Etcd- Mission Critical Key-Value Store
Etcd- Mission Critical Key-Value Store
CoreOS
Recommended
Основные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASA
Основные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASA
Cisco Russia
Easy vpn
Easy vpn
Hồ Đắc Biên
BEST REST in OpenStack
BEST REST in OpenStack
Vikram G Hosakote
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NAT
Cisco Russia
NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...
NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...
VirtualTech Japan Inc.
Multicast in OpenStack Tips
Multicast in OpenStack Tips
Vikram G Hosakote
CCNA Security - Chapter 4
CCNA Security - Chapter 4
Irsandi Hasan
Etcd- Mission Critical Key-Value Store
Etcd- Mission Critical Key-Value Store
CoreOS
20141102 VyOS 1.1.0 and NIFTY Cloud New Features
20141102 VyOS 1.1.0 and NIFTY Cloud New Features
雄也 日下部
Better Network Management Through Network Programmability
Better Network Management Through Network Programmability
Cisco Canada
Дизайн отказоустойчивых локальных сетей
Дизайн отказоустойчивых локальных сетей
Cisco Russia
Layer-3 BFD Optimization Proposals for Enterprise and Campus Networks
Layer-3 BFD Optimization Proposals for Enterprise and Campus Networks
Vikram G Hosakote
CCNA Security 09- ios firewall fundamentals
CCNA Security 09- ios firewall fundamentals
Ahmed Habib
Building and Customizing CoreOS
Building and Customizing CoreOS
雄也 日下部
[2015-11월 정기 세미나]K8s on openstack
[2015-11월 정기 세미나]K8s on openstack
OpenStack Korea Community
How logging makes a private cloud a better cloud - OpenStack最新情報セミナー(2016年12月)
How logging makes a private cloud a better cloud - OpenStack最新情報セミナー(2016年12月)
VirtualTech Japan Inc.
FlexVPNLabHandbook-SAMPLE
FlexVPNLabHandbook-SAMPLE
Tariq Sheikh
LF_OVS_17_IPSEC and OVS DPDK
LF_OVS_17_IPSEC and OVS DPDK
LF_OpenvSwitch
Cumulus networks conversion guide
Cumulus networks conversion guide
Scott Suehle
Cisco CCNA Security 210-260 Practice Exam
Cisco CCNA Security 210-260 Practice Exam
Jysmeen
CKA(Kubernetes 자격증) 잘 준비하는 법_
CKA(Kubernetes 자격증) 잘 준비하는 법_
InfraEngineer
vSRX
vSRX
MarketingArrowECS_CZ
Unlock Your Cloud Potential with Mirantis OpenStack & Cumulus Linux
Unlock Your Cloud Potential with Mirantis OpenStack & Cumulus Linux
Cumulus Networks
Cellular technology with Embedded Linux - COSCUP 2016
Cellular technology with Embedded Linux - COSCUP 2016
SZ Lin
Dev stacklabguide
Dev stacklabguide
openstackcisco
CCNA Security 011- implementing ios-based ips
CCNA Security 011- implementing ios-based ips
Ahmed Habib
Ansible x napalm x nso 解説・比較パネルディスカッション nso
Ansible x napalm x nso 解説・比較パネルディスカッション nso
Akira Iwamoto
Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)
Cisco Security
Storage networking fcf_co_eiscsivsn_technology
Storage networking fcf_co_eiscsivsn_technology
EMC
DEVNET-1148 Leveraging Cisco OpenStack Private Cloud for Developers
DEVNET-1148 Leveraging Cisco OpenStack Private Cloud for Developers
Cisco DevNet
More Related Content
What's hot
20141102 VyOS 1.1.0 and NIFTY Cloud New Features
20141102 VyOS 1.1.0 and NIFTY Cloud New Features
雄也 日下部
Better Network Management Through Network Programmability
Better Network Management Through Network Programmability
Cisco Canada
Дизайн отказоустойчивых локальных сетей
Дизайн отказоустойчивых локальных сетей
Cisco Russia
Layer-3 BFD Optimization Proposals for Enterprise and Campus Networks
Layer-3 BFD Optimization Proposals for Enterprise and Campus Networks
Vikram G Hosakote
CCNA Security 09- ios firewall fundamentals
CCNA Security 09- ios firewall fundamentals
Ahmed Habib
Building and Customizing CoreOS
Building and Customizing CoreOS
雄也 日下部
[2015-11월 정기 세미나]K8s on openstack
[2015-11월 정기 세미나]K8s on openstack
OpenStack Korea Community
How logging makes a private cloud a better cloud - OpenStack最新情報セミナー(2016年12月)
How logging makes a private cloud a better cloud - OpenStack最新情報セミナー(2016年12月)
VirtualTech Japan Inc.
FlexVPNLabHandbook-SAMPLE
FlexVPNLabHandbook-SAMPLE
Tariq Sheikh
LF_OVS_17_IPSEC and OVS DPDK
LF_OVS_17_IPSEC and OVS DPDK
LF_OpenvSwitch
Cumulus networks conversion guide
Cumulus networks conversion guide
Scott Suehle
Cisco CCNA Security 210-260 Practice Exam
Cisco CCNA Security 210-260 Practice Exam
Jysmeen
CKA(Kubernetes 자격증) 잘 준비하는 법_
CKA(Kubernetes 자격증) 잘 준비하는 법_
InfraEngineer
vSRX
vSRX
MarketingArrowECS_CZ
Unlock Your Cloud Potential with Mirantis OpenStack & Cumulus Linux
Unlock Your Cloud Potential with Mirantis OpenStack & Cumulus Linux
Cumulus Networks
Cellular technology with Embedded Linux - COSCUP 2016
Cellular technology with Embedded Linux - COSCUP 2016
SZ Lin
Dev stacklabguide
Dev stacklabguide
openstackcisco
CCNA Security 011- implementing ios-based ips
CCNA Security 011- implementing ios-based ips
Ahmed Habib
Ansible x napalm x nso 解説・比較パネルディスカッション nso
Ansible x napalm x nso 解説・比較パネルディスカッション nso
Akira Iwamoto
Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)
Cisco Security
What's hot
(20)
20141102 VyOS 1.1.0 and NIFTY Cloud New Features
20141102 VyOS 1.1.0 and NIFTY Cloud New Features
Better Network Management Through Network Programmability
Better Network Management Through Network Programmability
Дизайн отказоустойчивых локальных сетей
Дизайн отказоустойчивых локальных сетей
Layer-3 BFD Optimization Proposals for Enterprise and Campus Networks
Layer-3 BFD Optimization Proposals for Enterprise and Campus Networks
CCNA Security 09- ios firewall fundamentals
CCNA Security 09- ios firewall fundamentals
Building and Customizing CoreOS
Building and Customizing CoreOS
[2015-11월 정기 세미나]K8s on openstack
[2015-11월 정기 세미나]K8s on openstack
How logging makes a private cloud a better cloud - OpenStack最新情報セミナー(2016年12月)
How logging makes a private cloud a better cloud - OpenStack最新情報セミナー(2016年12月)
FlexVPNLabHandbook-SAMPLE
FlexVPNLabHandbook-SAMPLE
LF_OVS_17_IPSEC and OVS DPDK
LF_OVS_17_IPSEC and OVS DPDK
Cumulus networks conversion guide
Cumulus networks conversion guide
Cisco CCNA Security 210-260 Practice Exam
Cisco CCNA Security 210-260 Practice Exam
CKA(Kubernetes 자격증) 잘 준비하는 법_
CKA(Kubernetes 자격증) 잘 준비하는 법_
vSRX
vSRX
Unlock Your Cloud Potential with Mirantis OpenStack & Cumulus Linux
Unlock Your Cloud Potential with Mirantis OpenStack & Cumulus Linux
Cellular technology with Embedded Linux - COSCUP 2016
Cellular technology with Embedded Linux - COSCUP 2016
Dev stacklabguide
Dev stacklabguide
CCNA Security 011- implementing ios-based ips
CCNA Security 011- implementing ios-based ips
Ansible x napalm x nso 解説・比較パネルディスカッション nso
Ansible x napalm x nso 解説・比較パネルディスカッション nso
Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)
Similar to DEFCON 23 - Etienne Martineau - inter vm data exfiltration
Storage networking fcf_co_eiscsivsn_technology
Storage networking fcf_co_eiscsivsn_technology
EMC
DEVNET-1148 Leveraging Cisco OpenStack Private Cloud for Developers
DEVNET-1148 Leveraging Cisco OpenStack Private Cloud for Developers
Cisco DevNet
ScaleIO : capitalisez sur vos infrastructures existantes avec une solution so...
ScaleIO : capitalisez sur vos infrastructures existantes avec une solution so...
RSD
2014/09/02 Cisco UCS HPC @ ANL
2014/09/02 Cisco UCS HPC @ ANL
dgoodell
3 Ways to Connect to the Oracle Cloud
3 Ways to Connect to the Oracle Cloud
Simon Haslam
Deployment of cisco_iron_portweb_security_appliance
Deployment of cisco_iron_portweb_security_appliance
Alfredo Boiero Sanders
Approaching hyperconvergedopenstack
Approaching hyperconvergedopenstack
Ikuo Kumagai
Cisco SDN/NVF Innovations (SDN NVF Day ITB 2016)
Cisco SDN/NVF Innovations (SDN NVF Day ITB 2016)
SDNRG ITB
Mysql performance tuning
Mysql performance tuning
Philip Zhong
Container security within Cisco Container Platform
Container security within Cisco Container Platform
Sanjeev Rampal
Cipc
Cipc
ashiesh0007
Cuc pcd tac_toi
Cuc pcd tac_toi
Michael Ganschuk
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
EMC
VMworld 2015 San Francisco - INF5432 - Infrastructure as Code - Ban Snowflake...
VMworld 2015 San Francisco - INF5432 - Infrastructure as Code - Ban Snowflake...
Jonas Rosland
VSPEX Blue, une infrastructure hyper-convergée simple et sûre pour votre SDDC
VSPEX Blue, une infrastructure hyper-convergée simple et sûre pour votre SDDC
RSD
BRKDCN-2670 Day2 operations for Datacenter VxLAN EVPN fabrics.pdf
BRKDCN-2670 Day2 operations for Datacenter VxLAN EVPN fabrics.pdf
HarryH11
Transforming your Business with Scale-Out Flash: How MongoDB & Flash Accelera...
Transforming your Business with Scale-Out Flash: How MongoDB & Flash Accelera...
MongoDB
NSO: Network Service Orchestrator enabled by Tail-f Hands-on Lab
NSO: Network Service Orchestrator enabled by Tail-f Hands-on Lab
Cisco Canada
Cloud-based Virtualization for Test Automation
Cloud-based Virtualization for Test Automation
Vikram G Hosakote
Cisco UCS (Unified Computing System)
Cisco UCS (Unified Computing System)
NetWize
Similar to DEFCON 23 - Etienne Martineau - inter vm data exfiltration
(20)
Storage networking fcf_co_eiscsivsn_technology
Storage networking fcf_co_eiscsivsn_technology
DEVNET-1148 Leveraging Cisco OpenStack Private Cloud for Developers
DEVNET-1148 Leveraging Cisco OpenStack Private Cloud for Developers
ScaleIO : capitalisez sur vos infrastructures existantes avec une solution so...
ScaleIO : capitalisez sur vos infrastructures existantes avec une solution so...
2014/09/02 Cisco UCS HPC @ ANL
2014/09/02 Cisco UCS HPC @ ANL
3 Ways to Connect to the Oracle Cloud
3 Ways to Connect to the Oracle Cloud
Deployment of cisco_iron_portweb_security_appliance
Deployment of cisco_iron_portweb_security_appliance
Approaching hyperconvergedopenstack
Approaching hyperconvergedopenstack
Cisco SDN/NVF Innovations (SDN NVF Day ITB 2016)
Cisco SDN/NVF Innovations (SDN NVF Day ITB 2016)
Mysql performance tuning
Mysql performance tuning
Container security within Cisco Container Platform
Container security within Cisco Container Platform
Cipc
Cipc
Cuc pcd tac_toi
Cuc pcd tac_toi
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
VMworld 2015 San Francisco - INF5432 - Infrastructure as Code - Ban Snowflake...
VMworld 2015 San Francisco - INF5432 - Infrastructure as Code - Ban Snowflake...
VSPEX Blue, une infrastructure hyper-convergée simple et sûre pour votre SDDC
VSPEX Blue, une infrastructure hyper-convergée simple et sûre pour votre SDDC
BRKDCN-2670 Day2 operations for Datacenter VxLAN EVPN fabrics.pdf
BRKDCN-2670 Day2 operations for Datacenter VxLAN EVPN fabrics.pdf
Transforming your Business with Scale-Out Flash: How MongoDB & Flash Accelera...
Transforming your Business with Scale-Out Flash: How MongoDB & Flash Accelera...
NSO: Network Service Orchestrator enabled by Tail-f Hands-on Lab
NSO: Network Service Orchestrator enabled by Tail-f Hands-on Lab
Cloud-based Virtualization for Test Automation
Cloud-based Virtualization for Test Automation
Cisco UCS (Unified Computing System)
Cisco UCS (Unified Computing System)
More from Felipe Prado
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
Felipe Prado
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
Felipe Prado
DEF CON 24 - Tamas Szakaly - help i got ants
DEF CON 24 - Tamas Szakaly - help i got ants
Felipe Prado
DEF CON 24 - Ladar Levison - compelled decryption
DEF CON 24 - Ladar Levison - compelled decryption
Felipe Prado
DEF CON 24 - Clarence Chio - machine duping 101
DEF CON 24 - Clarence Chio - machine duping 101
Felipe Prado
DEF CON 24 - Chris Rock - how to overthrow a government
DEF CON 24 - Chris Rock - how to overthrow a government
Felipe Prado
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
Felipe Prado
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
Felipe Prado
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
Felipe Prado
DEF CON 24 - Gorenc Sands - hacker machine interface
DEF CON 24 - Gorenc Sands - hacker machine interface
Felipe Prado
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
Felipe Prado
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
Felipe Prado
DEF CON 24 - Rich Mogull - pragmatic cloud security
DEF CON 24 - Rich Mogull - pragmatic cloud security
Felipe Prado
DEF CON 24 - Grant Bugher - Bypassing captive portals
DEF CON 24 - Grant Bugher - Bypassing captive portals
Felipe Prado
DEF CON 24 - Patrick Wardle - 99 problems little snitch
DEF CON 24 - Patrick Wardle - 99 problems little snitch
Felipe Prado
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
Felipe Prado
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
Felipe Prado
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
Felipe Prado
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
Felipe Prado
DEF CON 24 - Antonio Joseph - fuzzing android devices
DEF CON 24 - Antonio Joseph - fuzzing android devices
Felipe Prado
More from Felipe Prado
(20)
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
DEF CON 24 - Tamas Szakaly - help i got ants
DEF CON 24 - Tamas Szakaly - help i got ants
DEF CON 24 - Ladar Levison - compelled decryption
DEF CON 24 - Ladar Levison - compelled decryption
DEF CON 24 - Clarence Chio - machine duping 101
DEF CON 24 - Clarence Chio - machine duping 101
DEF CON 24 - Chris Rock - how to overthrow a government
DEF CON 24 - Chris Rock - how to overthrow a government
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Gorenc Sands - hacker machine interface
DEF CON 24 - Gorenc Sands - hacker machine interface
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
DEF CON 24 - Rich Mogull - pragmatic cloud security
DEF CON 24 - Rich Mogull - pragmatic cloud security
DEF CON 24 - Grant Bugher - Bypassing captive portals
DEF CON 24 - Grant Bugher - Bypassing captive portals
DEF CON 24 - Patrick Wardle - 99 problems little snitch
DEF CON 24 - Patrick Wardle - 99 problems little snitch
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
DEF CON 24 - Antonio Joseph - fuzzing android devices
DEF CON 24 - Antonio Joseph - fuzzing android devices
Recently uploaded
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
LBM Solutions
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
shyamraj55
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
Allon Mureinik
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
ThousandEyes
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
carlostorres15106
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
Memoori
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
XfilesPro
How to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
naman860154
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
BookNet Canada
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Safe Software
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Malak Abu Hammad
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
naman860154
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
OnBoard
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
Padma Pradeep
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
Rafal Los
Recently uploaded
(20)
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
How to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
DEFCON 23 - Etienne Martineau - inter vm data exfiltration
1.
Cisco Confidential 1©
2009 Cisco Systems, Inc. All rights reserved.NG Update Copyright © 2010 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPanini Inter-VM data exfiltration The art of cache timing covert channel on x86 multi-core Etienne Martineau Kernel Developer August 2015
2.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 2NG Update VM #1 “client” VM #2 “server”
3.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 3NG Update Research… own time… my opinions… not my employers… The information and the code provided in this presentation is to be used for educational purposes only. I am in no way responsible for any misuse of the information provided. In no way should you use the information to cause any kind of damage directly or indirectly. Disclaimer
4.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 4NG Update About me
5.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 5NG Update
6.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 6NG Update VM #2 VM #1
7.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 7NG Update
8.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 8NG Update VM#1 Modulate a contention pattern 1 | 0 | 0 | 0 | 1 MUL | NOP | NOP | NOP | MUL
9.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 9NG Update VM#1 Modulate a contention pattern 1 | 0 | 0 | 0 | 1 MUL | NOP | NOP | NOP | MUL VM#2 Detect BUS contention Slow| Fast| Fast| Fast| Slow 1 | 0 | 0 | 0 | 1
10.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 10NG Update
11.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 11NG Update
12.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 12NG Update Video #1
13.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 13NG Update Goal – Practical implementation ( not just some research stuff ) How – Abusing X86 shared resources – Cache line encoding / decoding – Getting around the HW pre-fetcher – Data persistency and noise. What can be done? – Guest to host page table de-obfuscation. The easy way – High precision inter-VM synchronization: All about timers Detection / Mitigation Overview
14.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 14NG Update Shared resource: HT enabled Pipeline contention “previous example” L1 modulation L2 modulation VM #2 VM #1
15.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 15NG Update Shared resource: HT disabled Pipeline contention “previous example” L1 modulation L2 modulation L3 modulation VM #2 VM #1 http://it.slashdot.org/story/05/05/17/201253/hyper-threading-linus-torvalds-vs-colin-perciv
16.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 16NG Update Shared resource: Multi socket VM #2 VM #1
17.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 17NG Update
18.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 18NG Update
19.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 19NG Update VM#1 encode a pattern in cache line CL0 | CL1 | CL2 | CL3 | CL4 1 | 0 | 0 | 0 | 1 Load | Flush| Flush| Flush| Load
20.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 20NG Update VM#1 encode a pattern in cache line CL0 | CL1 | CL2 | CL3 | CL4 1 | 0 | 0 | 0 | 1 Load | Flush| Flush| Flush| Load VM#2 decode the cache line access time CL0 | CL1 | CL2 | CL3 | CL4 Fast| Slow | Slow | Slow | Fast 1 | 0 | 0 | 0 | 1
21.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 21NG Update NO VM Simple Client / Server test program Cache Line from shared memory directly Mutex for inter-process signaling Client encode a pattern
22.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 22NG Update NO VM Simple Client / Server test program Cache Line from shared memory directly Mutex for inter-process signaling Client encode a pattern Server decode Something weird?
23.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 23NG Update • Simple test: • Flush CL0 -> CL100 • Measure CL access time for CL0 -> CL100 • Long latency for all CL
24.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 24NG Update • Simple test: • Flush CL0 -> CL100 • Measure CL access time for CL0 -> CL100 • Long latency for all CL • ???
25.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 25NG Update Prefetching in general means bringing data or instructions from memory into the cache before they are needed • Simple test: • Flush CL0 -> CL100 • Measure CL access time for CL0 -> CL100 • Long latency for all CL • ???
26.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 26NG Update Prefetching in general means bringing data or instructions from memory into the cache before they are needed The Core™ i7 processor and Xeon® 5500 series processors, for example, have some prefetchers that bring data into the L1 cache and some that bring data into the L2. There are also different algorithms – some monitor data access patterns for a particular cache and then try to predict what addresses will be needed in the future. • Simple test: • Flush CL0 -> CL100 • Measure CL access time for CL0 -> CL100 • Long latency for all CL • ???
27.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 27NG Update Prefetching in general means bringing data or instructions from memory into the cache before they are needed The Core™ i7 processor and Xeon® 5500 series processors, for example, have some prefetchers that bring data into the L1 cache and some that bring data into the L2. There are also different algorithms – some monitor data access patterns for a particular cache and then try to predict what addresses will be needed in the future. • Simple test: • Flush CL0 -> CL100 • Measure CL access time for CL0 -> CL100 • Long latency for all CL • ???
28.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 28NG Update Simple trick that randomized CL access
29.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 29NG Update Simple trick that randomized CL access CL access random within a page
30.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 30NG Update Simple trick that randomized CL access CL access random within a page CL access random across pages
31.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 31NG Update Simple trick that randomized CL access CL access random within a page CL access random across pages This apparently manage to confuse the HW prefetcher!
32.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 32NG Update What happen if we wait longer before decoding?
33.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 33NG Update What happen if we wait longer before decoding? Wait
34.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 34NG Update What happen if we wait longer before decoding? Wait Wait
35.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 35NG Update What happen if we wait longer before decoding? Wait Wait Wait
36.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 36NG Update What happen if we wait longer before decoding? Wait Wait Wait Encoded data in the cache evaporates pretty quickly.
37.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 37NG Update Noise
38.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 38NG Update Noise
39.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 39NG Update Noise
40.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 40NG Update Noise
41.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 41NG Update Client in VM#1, Server in VM#2
42.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 42NG Update Client in VM#1, Server in VM#2 L2 OR L3 cache are tagged by the physical address but in a VM the physical address that you see has nothing to do with the real physical address on bare metal that the cache is using.
43.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 43NG Update Client in VM#1, Server in VM#2 L2 OR L3 cache are tagged by the physical address but in a VM the physical address that you see has nothing to do with the real physical address on bare metal that the cache is using. There is another layer of translation
44.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 44NG Update Client in VM#1, Server in VM#2 L2 OR L3 cache are tagged by the physical address but in a VM the physical address that you see has nothing to do with the real physical address on bare metal that the cache is using. There is another layer of translation This is a complex problem to solve
45.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 45NG Update Page de-duplication KSM enables the kernel to examine two or more already running programs and compare their memory. If any memory regions or pages are identical, KSM merge them into a single page physical page on bare-metal host kernel.
46.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 46NG Update Page de-duplication KSM enables the kernel to examine two or more already running programs and compare their memory. If any memory regions or pages are identical, KSM merge them into a single page physical page on bare-metal host kernel. If one of the programs wants to modify a shared page KSM kicks in and un-merge it.
47.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 47NG Update Page de-duplication KSM enables the kernel to examine two or more already running programs and compare their memory. If any memory regions or pages are identical, KSM merge them into a single page physical page on bare-metal host kernel. If one of the programs wants to modify a shared page KSM kicks in and un-merge it. This is useful for virtualization with KVM. Once the guest is running the contents of the guest operating system image can be shared when guests are running the same operating system or applications.
48.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 48NG Update Page table de- obfuscation
49.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 49NG Update Page table de- obfuscation The idea is to create a per- page unique pattern in memory that is the same across client and server
50.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 50NG Update Page table de- obfuscation The idea is to create a per- page unique pattern in memory that is the same across client and server So that on host KSM kicks in and do the page de-duplication for us
51.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 51NG Update
52.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 52NG Update There is no synchronization primitive across processes running in different VM ???
53.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 53NG Update There is no synchronization primitive across processes running in different VM ??? In reality there is mechanism to do that ( EX ivshmem ) but this is not enabled in production env
54.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 54NG Update There is no synchronization primitive across processes running in different VM ??? In reality there is mechanism to do that ( EX ivshmem ) but this is not enabled in production env We need something to replace the mutex
55.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 55NG Update Option #1 Forget about the synchronization aspect and hope for the best With error correction we can achieve some data transmission. Very low bit rates CPU consumption is low
56.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 56NG Update Option #2 Busy loop on each side Client faster than Server At some point there will be an overlap and the server will pickup the signal CPU consumption is High OK bit rates We want <1% CPU usage to remain undetected.
57.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 57NG Update Option #3 Define a common period ‘T’ Client-Server lock into phase
58.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 58NG Update Option #3 Define a common period ‘T’ Client-Server lock into phase Server sends a sync pattern
59.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 59NG Update Option #3 Define a common period ‘T’ Client-Server lock into phase Server sends a sync pattern Client sweep over the period in search for the sync
60.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 60NG Update Option #3 Once the sync is found the phase is adjusted are we are ready for transmission
61.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 61NG Update Option #3 Once the sync is found the phase is adjusted are we are ready for transmission For that to work we need a monotonic pulse
62.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 62NG Update Option #3 Once the sync is found the phase is adjusted are we are ready for transmission. For that to work we need a monotonic pulse Some jitter but not too much ( Lots of noise in VMs data evaporates out of the cache very quickly )
63.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 63NG Update How to achieve a monotonic pulse?
64.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 64NG Update How to achieve a monotonic pulse? Timers
65.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 65NG Update How to achieve a monotonic pulse? Timers Why timers? We need to sleep Avoid detection ( < 1% CPU usage )
66.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 66NG Update How to achieve a monotonic pulse? Timers Why timers? We need to sleep Avoid detection ( < 1% CPU usage )
67.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 67NG Update Jitter comes from both VM
68.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 68NG Update Jitter comes from both VM Too much jitter
69.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 69NG Update The idea here is to do padding up to some value above the maximum jitter
70.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 70NG Update The idea here is to do padding up to some value above the maximum jitter
71.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 71NG Update The idea here is to do padding up to some value above the maximum jitter The problem here is that the padding is subject to noise In other word more time you spend trying to immunize yourself to noise more noise you end up accumulating
72.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 72NG Update The idea here is to do padding up to some value above the maximum jitter The problem here is that the padding is subject to noise In other word more time you spend trying to immunize yourself to noise more noise you end up accumulating Padding consume CPU By stretching the timer period it’s easy to stay under 1% of CPU usage
73.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 73NG Update It’s a tricky problem but at the end I got it right!
74.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 74NG Update It’s a tricky problem but at the end I got it right! In short the padding is using a calibrated software loop that is kept in check with the TSC
75.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 75NG Update It’s a tricky problem but at the end I got it right! In short the padding is using a calibrated software loop that is kept in check with the TSC Assume 2.4Ghz machine; On a idle system: ~50 cycle 20 nSec
76.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 76NG Update It’s a tricky problem but at the end I got it right! In short the padding is using a calibrated software loop that is kept in check with the TSC Assume 2.4Ghz machine; On a idle system: ~50 cycle 20 nSec On a loaded system ~300 cycle 120 nSec
77.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 77NG Update It’s a tricky problem but at the end I got it right! In short the padding is using a calibrated software loop that is kept in check with the TSC Assume 2.4Ghz machine; On a idle system: ~50 cycle 20 nSec On a loaded system ~300 cycle 120 nSec Timers: 100uSec = 240 000 cycle 10uSec = 24 000 cycle ( best case )
78.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 78NG Update Encoding / decoding based on memory access time – ( 1 = slow, 0 = fast ) Got rid of the HW prefetching (without disabling it from BIOS!) – ( randomized the access to cache lines / pages ) • Physical memory pages that are shared across VM • Thanks to KSM • PLL and high precision inter-VM synchronization • ( Compensated timer <120 nSec jitter ) Time for a demo! Recap
79.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 79NG Update
80.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 80NG Update
81.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 81NG Update Video #2
82.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 82NG Update Video #3
83.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 83NG Update Disable page-deduplication ( KSM ) / Per-VM policy – No inter-VM shared read-only pages – Flush ‘clflush’ and reload won’t work – No OS / Application fingerprinting ( de-duplication page-fault ) – Higher memory cost X86 ‘clflush’ instruction: Privilege? – Microcode? Co-location policy ( per-core / per-socket / per-box ) Mitigation
84.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 84NG Update Hardware counter Inter-VM scheduling “abnormality” TSC related “abnormality” Detection
85.
© 2009 Cisco
Systems, Inc. All rights reserved.Cisco Confidential 85NG Update Thank you!
Download now