VENOM DEMO & FAQ
Akash Mahajan
VENOM is an acronym for Virtualized Environment Neglected Operations Manipulation.
What is VENOM?
It is a security vulnerability (CVE-2015-3456) in the virtual floppy disk controller (FDC) code used by many computer virtualization platforms.
What does it do?
This vulnerability may allow an attacker who already has administrative (root) privileges inside an affected virtual machine (VM) guest to escape from the confines of that guest and potentially obtain code execution on the host, in the context of the hypervisor process that emulates the guest's devices.
Why is it a big deal?
He was right about the cloud, wasn't he!
Seriously, why is this a big deal?
• Consider that cloud vendors pack many tenants' virtual machines onto shared physical hosts using hardware virtualization, so a guest-to-host escape is also a path to every other tenant on that host.
• Every platform that ships the QEMU floppy controller code was vulnerable: Xen (HVM guests, which use the QEMU device model), QEMU/KVM and VirtualBox. VMware, Microsoft Hyper-V and Bochs do not use that code and were not affected.
• It doesn't matter whether the virtual machine is a Linux box or a Windows box: the flaw is in the host-side device emulation, and any guest OS with root or administrator access can drive the emulated controller through its I/O ports.
All of these use Xen/QEMU/KVM
How does it work?
• A VM (guest) never touches the physical hardware of the host directly; it is given virtual hardware, and the host emulates the devices the guest believes it is talking to.
• Quick EMUlator (QEMU) is the open source machine emulator that, under KVM and Xen HVM, supplies that device emulation: disks, network cards and the floppy disk controller. The device code runs outside the guest, on the host side (a userspace process under KVM, qemu-dm in dom0 under Xen), so a memory corruption bug in a device model is a guest-controlled bug in host memory.
Exploiting the QEMU Hypervisor
• The hypervisor code sits between the guest and the host, operating as the 'bridge' and abstraction layer relied upon by either side to communicate with the other.
• It incorporates all of the memory mapping and device drivers required to trick the guest into believing it is operating on real hardware. Those device models, written in C, are exactly where guest-controlled input meets host memory.
Hypervisor and XEN
QEMU Floppy Disk Controller
• The QEMU FDC is present by default in Xen (HVM) and KVM guests.
• The problem exists in the Floppy Disk Controller device model, which is initialized for every x86 and x86_64 guest regardless of the configuration. Even when the administrator explicitly disables the virtual floppy drive, a separate bug left the vulnerable FDC code active, so it could not be removed or disabled by configuration.
• The only fix is a patched QEMU, and a running guest only picks it up once its QEMU process is restarted: power the guest off and start it again (a reboot from inside the guest does not restart QEMU) or live-migrate it to a patched host.
One Ring to Rule Them all
The Devil is in the C Code
• The FDC keeps a 512-byte FIFO buffer (FD_SECTOR_LEN) to store the I/O command byte and its parameters as the guest writes them, one byte at a time, to the controller's data port.
• It uses an index variable, data_pos, to address the buffer, and data_len to record how many bytes the current command needs.
• Once the last parameter byte arrives the command handler runs, and the index is supposed to be set back to 0 so the next command starts at the beginning of the buffer.
Still the Devil is in the C Code
The FDC's data_pos and data_len fields above are initialized to 0 upon FDC reset, and every well-behaved command handler resets data_pos again when it finishes.
• For two of the command handler functions, the data_pos reset is delayed or circumvented, so the guest can keep pushing bytes while data_pos climbs past the end of the 512-byte buffer:
– FDC_CMD_READ_ID (the handler arms a timer and returns without resetting the FIFO; the reset only happens when the timer fires)
– FDC_CMD_DRIVE_SPECIFICATION_COMMAND (the handler resets the FIFO only when the final parameter byte has its top bit set; otherwise it returns with data_pos untouched)
Buffer Overflow of the FIFO buffer
• The VENOM advisory describes an overflow of the fifo buffer for exactly this reason: each additional byte the guest writes is stored at fifo[data_pos++] with no bounds check, so once data_pos passes 511 the guest is writing attacker-chosen bytes into the adjacent host memory of the QEMU process.
• The upstream fix is the obvious one: wrap the index (data_pos modulo FD_SECTOR_LEN) on every FIFO access so it can never leave the allocated buffer.
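The C program below is an added example, not QEMU's source and not part of the original slides: it models the FDC FIFO state machine just described (a 512-byte FIFO, data_pos/data_len, a tiny command table and the two handlers that fail to reset the index) with and without the upstream fix. The opcode values and parameter counts follow the 82078 FDC command set as QEMU tables it, but the handler table is reduced to three commands and the names fdc_param_count, run_guest_sequence and the fixed flag are this model's own assumptions. Instead of actually writing past the buffer, the unfixed path counts every write that would land outside fifo[], so the program is safe to run and the difference between the two code paths is measurable.

```c
/* Model of the QEMU floppy controller FIFO logic around CVE-2015-3456 (VENOM).
 * Added example: a simplified reconstruction, not QEMU's code. The real
 * controller has ~30 commands; only the three needed to show the bug are kept. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FD_SECTOR_LEN 512               /* size of the FIFO, as in QEMU */

/* Command opcodes (first byte the guest writes to the data port). */
#define FDC_CMD_READ_ID            0x0a
#define FDC_CMD_DRIVE_SPEC_COMMAND 0x8e
#define FDC_CMD_SPECIFY            0x03

typedef struct {
    uint8_t  fifo[FD_SECTOR_LEN];
    uint32_t data_pos;    /* index of the next FIFO byte */
    uint32_t data_len;    /* bytes expected for the current command */
    uint32_t oob_writes;  /* writes the unfixed code would make past fifo[] */
    bool     fixed;       /* apply the upstream fix: index wraps modulo FD_SECTOR_LEN */
} FDCtrl;

static void fdctrl_reset_fifo(FDCtrl *f) { f->data_pos = 0; f->data_len = 0; }

/* Parameter bytes that follow each opcode (model's own reduced table). */
static int fdc_param_count(uint8_t opcode) {
    switch (opcode) {
    case FDC_CMD_READ_ID:            return 1;
    case FDC_CMD_DRIVE_SPEC_COMMAND: return 5;
    case FDC_CMD_SPECIFY:            return 2;
    default:                         return 0;   /* unknown: treated as 0-parameter */
    }
}

/* A well-behaved handler: finishes the command and resets the FIFO index. */
static void handle_specify(FDCtrl *f) { fdctrl_reset_fifo(f); }

/* READ ID: the real handler arms a timer and returns; the FIFO is only reset
 * when the timer fires, so until then the guest can keep writing bytes. */
static void handle_readid(FDCtrl *f) { (void)f; }

/* DRIVE SPECIFICATION COMMAND: resets the FIFO only if the last parameter byte
 * has bit 7 set (or more than 7 bytes were expected); otherwise no reset. */
static void handle_drive_spec(FDCtrl *f) {
    uint8_t last = f->fifo[f->data_pos - 1];
    if ((last & 0x80) || f->data_len > 7) {
        fdctrl_reset_fifo(f);
    }
}

/* Guest write to the FDC data register. This is the vulnerable path. */
static void fdctrl_write_data(FDCtrl *f, uint8_t value) {
    if (f->data_pos == 0) {
        /* First byte of a command: learn how many bytes it needs. */
        f->data_len = (uint32_t)fdc_param_count(value) + 1;
    }
    uint32_t pos = f->data_pos++;
    if (f->fixed) {
        pos %= FD_SECTOR_LEN;        /* the upstream fix: index can never leave fifo[] */
    }
    if (pos >= FD_SECTOR_LEN) {
        /* Unfixed QEMU performs fifo[pos] = value here, past the end of the
         * buffer. The model records the out-of-bounds write instead. */
        f->oob_writes++;
        return;
    }
    f->fifo[pos] = value;
    if (f->data_pos == f->data_len) {          /* all parameters received */
        switch (f->fifo[0]) {
        case FDC_CMD_READ_ID:            handle_readid(f);     break;
        case FDC_CMD_DRIVE_SPEC_COMMAND: handle_drive_spec(f); break;
        default:                         handle_specify(f);    break;
        }
    }
}

/* Issue one command, then keep hammering the data port `extra` more times,
 * as a malicious guest would. Returns how many writes fell outside fifo[]. */
static uint32_t run_guest_sequence(bool fixed, const uint8_t *cmd, size_t cmd_len, size_t extra) {
    FDCtrl f;
    memset(&f, 0, sizeof f);
    f.fixed = fixed;
    for (size_t i = 0; i < cmd_len; i++) fdctrl_write_data(&f, cmd[i]);
    for (size_t i = 0; i < extra; i++) fdctrl_write_data(&f, 0x41);   /* constructed filler */
    return f.oob_writes;
}

int main(void) {
    const uint8_t readid[]  = { FDC_CMD_READ_ID, 0x00 };
    const uint8_t specify[] = { FDC_CMD_SPECIFY, 0x00, 0x00 };
    const uint8_t dspec[]   = { FDC_CMD_DRIVE_SPEC_COMMAND, 0, 0, 0, 0, 0x00 };
    printf("unfixed READ ID     : %u out-of-bounds writes\n", run_guest_sequence(false, readid, 2, 600));
    printf("fixed   READ ID     : %u out-of-bounds writes\n", run_guest_sequence(true, readid, 2, 600));
    printf("unfixed SPECIFY     : %u out-of-bounds writes\n", run_guest_sequence(false, specify, 3, 600));
    printf("unfixed DRIVE SPEC  : %u out-of-bounds writes\n", run_guest_sequence(false, dspec, 6, 600));
    return 0;
}
```

With 600 follow-up writes, READ ID leaves 90 of them outside the buffer and the drive-specification command with a clear top bit leaves 94, while SPECIFY (which resets the index) and the fixed variant leave none. The point of the model is that the handler's missing reset, not the FIFO write itself, is the root cause; the fix bounds the index so that a forgotten reset in any handler can no longer become a memory corruption.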
BARELY WORKING DEMO
Deja VM Bugs
• BlackHat/DEFCON 2011 talk: Breaking Out of KVM (Nelson Elhage; exploit released as virtunoid)
• CVE-2007-1744 – Directory traversal vulnerability in VMware's shared folders feature
• CVE-2008-0923 – Path traversal vulnerability in VMware's shared folders implementation
• CVE-2009-1244 – Cloudburst (VMware virtual video adapter vulnerability)
• CVE-2011-1751 – Missing hotplug check during device removal (the QEMU/KVM bug behind the 2011 talk)
• CVE-2012-0217 – 64-bit PV guest privilege escalation vulnerability (Xen)
• CVE-2014-0983 – Oracle VirtualBox 3D acceleration multiple memory corruption vulnerabilities
Questions?
• Ask Datta!
@makash | aka@null.co.in | theappseclab.com
Attributions and References
• Starting point for understanding: http://venom.crowdstrike.com/
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456
• https://access.redhat.com/articles/1444903
• CC BY-SA 3.0 File:Priv rings.svg, uploaded by OgreBot
• https://en.wikipedia.org/wiki/Protection_ring#Hypervisor_mode
• https://blog.nelhage.com/2011/08/breaking-out-of-kvm/
• https://github.com/nelhage/virtunoid
• http://www.dedoimedo.com/computers/kvm-intro.html
• http://blog.crowdstrike.com/venom-vulnerability-details/

Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 

Recently uploaded (20)

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 

Venom vulnerability Overview and a basic demo

  • 1. VENOM DEMO & FAQ Akash Mahajan
  • 2. VENOM is an acronym for VIRTUALIZED ENVIRONMENT NEGLECTED OPERATIONS MANIPULATION
  • 3. What is VENOM? It is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms.
  • 4. What does it do? This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host.
  • 5. Why is it a big deal? He was right about the cloud, wasn’t he!
  • 6. Seriously why is this a big deal? • Consider that all the cloud vendors in the world use OS level virtualization • Now all of those who use Xen, Qemu, KVM and Virtualbox were vulnerable to this • It doesn’t matter if the virtual machine is a linux box or a windows box
  • 7. All of these use Xen/Qemu/KVM
  • 8. How does it work? • So a VM (guest) gets access to virtual hardware of a physical machine (host) • Quick EMUlator (QEMU) is an open source hypervisor that performs hardware virtualization
  • 9. Exploiting the QEMU Hypervisor • The hypervisor code sits between the guest and the host, operating as the ‘bridge’ and abstraction layer relied upon by either side to communicate with the other. • Incorporating all of the memory mapping and device drivers required to trick the guest into believing it is operating on real hardware.
  • 11. QEMU Floppy Disk Controller • The QEMU FDC is enabled by default in Xen and KVM platforms. • The problem exists in the Floppy Disk Controller, which is initialized for every x86 and x86_64 guest regardless of the configuration and cannot be removed or disabled.
  • 13. One Ring to Rule Them all
  • 14. The Devil is in the C Code • FDC uses a buffer of 512 bytes to store the I/O command and its parameters • It has an index variable to access the buffer area • After every command the index variable is set to 0
  • 15. Still the Devil is in the C Code The FDC’s data_pos and data_len fields above are initialized to 0 upon FDC reset. • For two of the command handler functions, the data_pos reset is delayed or circumvented. – FDC_CMD_READ_ID – FDC_CMD_DRIVE_SPECIFICATION_COMMAND
  • 16. Buffer Overflow of FIFO buffer • The VENOM advisory talks about overflow of the *fifo buffer due to this particular reason
  • 18. Deja VM Bugs • BlackHat/DEFCON 2011 Talk: Breaking Out of KVM • CVE-2007-1744 – Directory traversal vulnerability in shared folders feature • CVE-2008-0923 – Path traversal vulnerability in VMware’s shared folders implementation • CVE-2009-1244 – Cloudburst (VMware virtual video adapter vulnerability) • CVE-2011-1751 – Missing hotplug check during device removal • CVE-2012-0217 – 64-bit PV guest privilege escalation vulnerability • CVE-2014-0983 – Oracle VirtualBox 3D acceleration multiple memory corruption vulnerabilities
  • 19. Questions? • Ask Datta! @makash | aka@null.co.in | theappseclab.com
  • 20. Attributions and References • Starting point for understanding http://venom.crowdstrike.com/ • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456 • https://access.redhat.com/articles/1444903 • CC BY-SA 3.0 File:Priv rings.svg Uploaded by OgreBot • https://en.wikipedia.org/wiki/Protection_ring#Hypervisor_mode • https://blog.nelhage.com/2011/08/breaking-out-of-kvm/ • https://github.com/nelhage/virtunoid • http://www.dedoimedo.com/computers/kvm-intro.html • http://blog.crowdstrike.com/venom-vulnerability-details/
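Slides 14 to 16 describe the defect pattern behind CVE-2015-3456: a fixed 512-byte FIFO, an index that is normally reset to 0 after each command, and two command handlers for which that reset is delayed, so guest-supplied bytes can run the index past the buffer. The C model below is an added example, not code from the deck or from QEMU: it keeps the 512-byte size from the slides but every name (fdc_model, fdc_push_unchecked, fdc_push_checked, feed_without_reset) is hypothetical, and the unchecked path reports where the out-of-bounds store would land instead of performing it, so the example stays memory-safe while showing why a bounds check on the index (the hardened path) closes the hole.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FD_SECTOR_LEN 512   /* size of the FDC FIFO buffer named on slide 14 */

/* Minimal model of the FDC state the slides describe: fixed buffer plus index.
 * Names are hypothetical; this is not QEMU's struct. */
typedef struct {
    uint8_t fifo[FD_SECTOR_LEN];
    uint32_t data_pos;   /* index into fifo; normally reset to 0 per command */
} fdc_model;

void fdc_reset(fdc_model *f) { memset(f->fifo, 0, sizeof f->fifo); f->data_pos = 0; }

/* Unchecked write path, modeling the pre-fix behaviour the slides describe:
 * the index is trusted. Instead of performing the out-of-bounds store (which
 * would be undefined behaviour) the model returns -1 when the store would land
 * past the buffer; 0 means the byte was stored in bounds. */
int fdc_push_unchecked(fdc_model *f, uint8_t byte) {
    uint32_t pos = f->data_pos++;
    if (pos >= FD_SECTOR_LEN) return -1;   /* real bug: write past fifo[] */
    f->fifo[pos] = byte;
    return 0;
}

/* Hardened write path: the index is validated against the buffer length before
 * use. Input that arrives with no reset in between is refused (return 1) and
 * the index is reset, so no store can leave the buffer. */
int fdc_push_checked(fdc_model *f, uint8_t byte) {
    if (f->data_pos >= FD_SECTOR_LEN) { f->data_pos = 0; return 1; }
    f->fifo[f->data_pos++] = byte;
    return 0;
}

/* Feed n constructed bytes with no per-command reset, modeling the two command
 * handlers whose data_pos reset is delayed (slide 15). Returns the first
 * non-zero status from the push function, or 0 if every byte fit. */
int feed_without_reset(fdc_model *f, size_t n, int (*push)(fdc_model *, uint8_t)) {
    fdc_reset(f);
    for (size_t i = 0; i < n; i++) {
        int rc = push(f, (uint8_t)(i & 0xff));
        if (rc != 0) return rc;
    }
    return 0;
}
```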

Editor's Notes

  1. Free sticker to the first person who knows his full name Vishwa Bandhu Gupta
  2. Hyper-V wasn’t vulnerable to this. So Yay Microsoft
  3. http://blogs.it.ox.ac.uk/oxcert/2015/05/13/cve-2015-3456-venom/
  4. Privilege rings for the x86 available in protected mode