This vulnerability, called VENOM (CVE-2015-3456), allows an attacker to escape from a virtual machine guest into the host system. It affects virtualization platforms built on QEMU's device emulation: Xen (HVM guests), KVM/QEMU and VirtualBox. The flaw is an out-of-bounds write (a buffer overflow) in the virtual floppy disk controller code, which a guest can trigger through the controller's I/O ports and potentially turn into code execution on the host. It is a serious issue because many cloud providers run tenant workloads on these virtualization platforms.
A provider's view of security in the cloud. This talk shows how the main cloud providers (AWS and Azure) build security into their cloud services and how they contribute to the shared responsibility model for security in the cloud.
Azure Networking - The First Technical Challenge (Aidan Finn)
The first "technical" obstacle for many organisations in Azure adoption is often the design of a secure and accessible network or landing zone for workloads and data.
This presentation walks through the Security and Compliance functionality to customers leveraging Azure as a compute environment. It includes deep-dive references to detailed information on each topic presented.
SCUGBE_Lowlands_Unite_2017_Rest azured microsoft cloud demystified (Kenny Buntinx)
There are a lot of misconceptions about Microsoft's public cloud offering Azure, especially among IT infrastructure administrators but also among its consumers. In this session, Kenneth van Surksum will demystify some of the most common questions that come up when talking about public cloud, like:
· Will moving our on-premise infrastructure to the cloud solve many of the problems we are facing today?
· Can developers just consume Azure, or should they align the IT infrastructure department before starting to develop, and if so why?
· Is Cloud computing a next generation virtualization platform?
· Once we move all of our infrastructure to Azure, will we be relieved of migration headaches?
· And much more….
Kenneth will share his experiences from implementing Azure solutions at customers with the audience. The goal of this session is to make people who want to start working with Azure aware of the caveats, so that they don't make the obvious mistakes.
An overview of What's New in VMware vRealize Network Insight 3.4. vRealize Network Insight provides micro-segmentation planning, 360-degree visibility and troubleshooting, and VMware NSX day 2 operations management.
Best Practices for Workload Security: Securing Servers in Modern Data Center ... (CloudPassage)
Presentation slides from Black Hat 2016. Presented by Sami Laine, Principal Technologist at CloudPassage & Aaron McKeown, Lead Security Architect of Xero.
VMware vRealize Network Insight delivers intelligent operations for software-defined networking and security across virtual, physical and multiple-clouds with micro-segmentation planning, 360 visibility and NSX operations.
Application development and deployment in the traditional datacenter has been a challenge for many organizations primarily due to resource constraints. This has historically led to unfortunate compromises between functionality and security for business applications.
With public cloud providers, we have seen the limitations to technical capabilities fall away; the attainable to the Fortune 500 has become available to organizations of any size.
This yields some exciting new options for the development, deployment and operation of secure applications. Here you will find the presentation deck and recording of webinar.
Webinar NETGEAR - How Netgear can help mitigate the effects of Ransomware (Netgear Italia)
What ransomware is and how it acts, the actions to take, and how Netgear can help mitigate the threat: unlimited instant block-level snapshots, and ReadyRecover, the backup appliance solution that takes a full backup of every Windows system in the company every 15 minutes.
The cloud is a cost-effective way to provide maximum accessibility for your customers. However, organizations often fail to optimize and configure it properly for their environment, leaving them inadvertently exposed.
These slides are from our recent webinar covering proven techniques that reduce cloud risk, including:
• Building applications to leverage automation and built-in cloud controls
• Securing access control and key management
• Ensuring essential services are running, reachable, and securely hardened
Webinar NETGEAR - Acronis and Netgear, an overview of the solutions for the prot... (Netgear Italia)
A presentation of the Acronis product suites and of Netgear's ReadyNAS and ReadyDATA storage product families.
The tools for defining the best data protection solution for businesses, and not only for them.
Cloud and IoT are now in the mainstream adoption phase and are often referred to as the fourth revolution. The presentation will share experiences from early adopters and focus on challenges that vendors will not share when selling cloud enablement services.
LCEU13: Securing your cloud with Xen's advanced security features - George Du... (The Linux Foundation)
Xen is a mature enterprise-grade virtual machine monitor with many advanced security features which are unique to Xen. For this reason it's the hypervisor of choice for the NSA, the DoD, and the new QubesOS Secure Desktop project. While much of the security of Xen is inherent in its design, many of the advanced security features, such as stub domains, driver domains, XSM, and so on, are not enabled by default. This session will describe all of the advanced security features of Xen, and the best way to configure them for the Cloud environment. When the audience leaves, they should have a general framework to evaluate the security of their system, know the key security features of Xen, and have a basic framework of knowledge to help them make sense of the documentation. This talk will *not* go into mind-numbing detail about specific commands to type or configuration options.
Radare2 - An Introduction by Anto Joseph (Anthony Jose)
A quick introduction to the popular reverse engineering framework : radare2, basic binary analysis for 3 crackMe challenges for NULL/OWASP/Garage4Hackers Bangalore Meet .
Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell, the first of which was disclosed on 24 September 2014. Many Internet-facing services, such as some web server deployments, use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system.
This talk presents a brief overview of Use-after-Free vulnerability and corresponding exploitation techniques for Internet Explorer (IE), followed by description of memory protection schemes implemented in newer versions of IE in order to mitigate exploitation of such vulnerabilities.
Social engineering is rarely considered a serious attack vector. This presentation will show how handy it can be, even for bypassing two-factor authentication.
Kernel Mode Threats and Practical Defenses (Priyanka Aash)
Recent advancements in OS security from Microsoft such as PatchGuard, Driver Signature Enforcement, and SecureBoot have helped curtail once-widespread commodity kernel mode malware such as TDL4 and ZeroAccess. However, advanced attackers have found ways of evading these protections and continue to leverage kernel mode malware to stay one step ahead of the defenders. We will examine the techniques from malware such as DoublePulsar, SlingShot, and Turla that help attackers evade endpoint defenses. We will also reveal a novel method to execute a fully kernel mode implant without hitting disk or being detected by security products. The method builds on publicly available tools which makes it easily within grasp of novice adversaries.
While attacker techniques have evolved to evade endpoint protections, the current state of the art in kernel malware detection has also advanced to hinder these new kernel mode threats. We will discuss these new defensive techniques to counter kernel mode threats, including real-time detection techniques that leverage hypervisors along with an innovative hardware-assisted approach that utilizes performance monitoring units. In addition, we will discuss on-demand techniques that leverage page table entry remapping to hunt for kernel malware at scale. To give defenders a leg up, we will release a tool that is effective at thwarting advanced kernel mode threats. Kernel mode threats will only continue to grow in prominence and impact. This talk will provide both the latest attacker techniques in this area and a new tool to curtail these attacks, providing real-world strategies for immediate implementation.
VENOM (Virtualised Environment Neglected Operations Manipulation) is a vulnerability that could allow an attacker to escape a guest virtual machine and access the host system, along with other virtual machines running on this system, and access their data.
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ... (The Linux Foundation)
An important facilitator of Unikernel development, Xen Project continues to develop new and interesting technologies to support the needs of the next generation datacenter. Potentially game-changing technologies like Unikernels will never reach their full potential unless the hypervisor they rely on can handle a large number of potentially tiny VMs effectively and efficiently.
In this talk, Xen Project Advisory Board Chairman Lars Kurth will discuss some of the major advances in the hypervisor produced in last year's releases (4.5 and 4.6). He will also discuss some of the work in development which could appear in upcoming releases.
Static partitioning is becoming increasingly common in embedded systems. A static hypervisor, such as Xen dom0less, is employed to split the hardware resources into multiple domains and run a different OS in each domain, for instance Linux and Zephyr. Only the simplest static partitioning configurations involve no data exchange between the domains. Often, communication and data exchange between two or more environments are required to complete the data processing pipeline that implements the target application. However, the VM-to-VM communication mechanisms available in static partitioning configurations are typically more limited than those of general-purpose hypervisors. For example, PV drivers are not available to Xen dom0less domains. This presentation will discuss the need for communication in static partitioning setups and present the technical challenges involved in getting traditional communication methods to work, including Xen PV drivers and VirtIO. The talk will also provide simpler alternatives based on shared memory and interrupt notifications to set up domain-to-domain data streams: simpler techniques that can easily be used both by Linux and by tiny bare-metal applications.
In cloud computing environments, VMs require fast access to resources like storage and networking. The hardware that the VMs access is implemented in software and/or by passing through a dedicated hardware device. Software-based solutions consume extra CPU cycles, resulting in poor performance; they also require exposing a device model to the guest, which increases the attack surface. Conversely, hardware passthrough provides better performance and security but can be expensive in terms of the number of physical resources, since each device is dedicated to a single VM. This talk focuses on how Vates is working on sharing hardware resources among VMs by relying on dedicated processors named Data Processing Units (DPU). More precisely, Vates works on offloading storage emulation from the Xen hypervisor by relying on Kalray K200 DPU PCIe controllers, a hardware accelerator based on the MPPA architecture.
-----------------------------------------
The CloudStack Collaboration Conference 2023 took place on 23-24th November. The conference, arranged by a group of volunteers from the Apache CloudStack Community, took place in the voco hotel, in Porte de Clichy, Paris. It hosted over 350 attendees, with 47 speakers holding technical talks, user stories, new features and integrations presentations and more.
Similar to Venom vulnerability Overview and a basic demo
App sec in the time of docker containers (Akash Mahajan)
A look at how application security needs to evolve to keep up with applications that are containerised. Delivered first at c0c0n 2016, the audience got a ready checklist to go with the talk.
Security in the cloud Workshop HSTC 2014 (Akash Mahajan)
A broad overview of what it takes to be secure. This is more of an introduction, where we introduce the basic terms around Cloud Computing and how we go about securing our information assets (data, applications and infrastructure).
The workshop was fun because all the slides were paired with real world examples of security breaches and attacks.
The real incident of stealing a droid app+data (Akash Mahajan)
This is a beginner level talk/lecture about how we managed to steal data, bypass security controls and steal the source code of an Android application which was supposed to be secure.
Technically what we managed to do isn't ground breaking, but due to a combination of reasons we were able to radically change the security of the Android app for the better.
A talk about attacks against SSL that have been uncovered in the last 3-4 years. This talk delves into what exactly was attacked, how it was attacked, and how SSL is still a pretty useful piece of technology.
This was given at null Bangalore April Meeting.
I haz your mouse clicks and key strokes (Akash Mahajan)
This technically light talk+demo will show you how and what User Interface Redressing attacks are.
Web applications using HTML5 + JavaScript + CSS + modern browsers are vulnerable to attacks such as Clickjacking, Strokejacking, Cursor Tracking, unexploitable XSS and Facebook Like attacks.
TL;DR Cool demo and simple to understand explanation of ClickJacking
Web site users are facing new and improved threats nowadays. These range from clickjacking and JSON injection to likejacking, among others. Companies like Google, Mozilla and Microsoft have started implementing new HTTP response headers to counter some of the advanced attacks against their website users. Some of the new attacks aren't well understood by application developers, and hence they aren't using the new secure headers supported by the new browsers. This is either due to ignorance or in order to keep supporting older, insecure versions of Internet Explorer.
This talk walks through what these attacks are, how the various security headers protect web application users, and what the current status of browser compatibility is.
A different look at what PHP developers should be looking at. Not in terms of security but in terms of the data flow of the web application. The concepts of security are tied into that itself.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality (Inflectra)
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Neuro-symbolic is not enough, we need neuro-*semantic* (Frank van Harmelen)
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 (Tobias Schneck)
As AI technology is pushing into IT, I was wondering, as an "infrastructure container kubernetes guy", how this fancy AI technology gets managed from an infrastructure operational view. Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies, and of what could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into which approaches I already got working for real.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... (Ramesh Iyer)
In today's fast-changing business world, companies that do not adapt and embrace new ideas often struggle to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and a willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
UiPath Test Automation using UiPath Test Suite series, part 3 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
JMeter webinar - integration with InfluxDB and Grafana (RTTS)
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
GraphRAG is All You need? LLM & Knowledge Graph (Guy Korland)
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
DevOps and Testing slides at DASA Connect (Kari Kakkonen)
My and Rik Marselis' slides at the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is, and finally what Testing in DevOps is. Finally we had a lovely workshop with the participants, trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf (91mobiles)
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Elevating Tactical DDD Patterns Through Object Calisthenics (Dorra BARTAGUIZ)
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
2. VENOM is an acronym for Virtualized Environment Neglected Operations Manipulation
3. What is VENOM?
It is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms.
4. What does it do?
This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host.
5. Why is it a big deal?
He was right about the cloud, wasn't he!
6. Seriously, why is this a big deal?
• Consider that cloud vendors around the world run customer workloads under hardware virtualization, with a hypervisor multiplexing many tenants on one physical host
• Every platform built on QEMU's device emulation (Xen HVM guests, KVM/QEMU and VirtualBox) was vulnerable to this
• It doesn't matter whether the virtual machine is a Linux box or a Windows box: the bug is in the host-side device model, not in the guest OS
8. How does it work?
• A VM (guest) does not touch the physical hardware of the host directly; it is given virtual hardware that the hypervisor's device model presents to it
• Quick EMUlator (QEMU) is the open source machine emulator that provides that device model; KVM and Xen (for HVM guests) use it to emulate devices such as disk, network and floppy controllers
9. Exploiting the QEMU Hypervisor
• The hypervisor code sits between the guest and the host, operating as the 'bridge' and abstraction layer relied upon by either side to communicate with the other.
• It incorporates all of the memory mapping and device drivers required to trick the guest into believing it is operating on real hardware.
11. QEMU Floppy Disk Controller
• The QEMU FDC is enabled by default in Xen (HVM guests) and KVM platforms.
• The problem exists in the Floppy Disk Controller, which is initialized for every x86 and x86_64 guest regardless of the configuration and cannot be removed or disabled: even a guest that was never given a floppy drive can still reach the vulnerable FDC code through its I/O ports.
14. The Devil is in the C Code
• The FDC uses a FIFO buffer of 512 bytes to store the I/O command and its parameters
• It has an index variable (data_pos) to access the buffer area
• After every command the index variable is set back to 0; the write path relies on that reset, because the index itself is never checked against the 512-byte bound
15. Still the Devil is in the C Code
• The FDC's data_pos and data_len fields are initialized to 0 upon FDC reset.
• For two of the command handler functions, the data_pos reset is delayed or circumvented, so a guest that keeps writing to the data port after issuing one of them drives data_pos past the end of the 512-byte FIFO:
– FDC_CMD_READ_ID
– FDC_CMD_DRIVE_SPECIFICATION_COMMAND
16. Buffer Overflow of the FIFO buffer
• The VENOM advisory describes the overflow of the fifo buffer caused by exactly this: a guest with access to the FDC I/O ports issues one of the two commands above and then sends more data bytes than the buffer holds, writing past the FIFO into adjacent memory of the host-side QEMU process. Because the device model runs in that host process, this out-of-bounds write is what can be turned into code execution on the host.