Virtually Pwned Pentesting Virtualization Security

•

4 likes•2,550 views

The document discusses attacking virtualization infrastructure through various exploits. It presents the Virtualization ASsessment TOolkit (VASTO) which is an exploit pack focusing on virtualization and cloud security. It then demonstrates several exploits against VMware virtualization software, including path traversal exploits, session hijacking, and code execution exploits affecting the vCenter management console, ESXi hypervisor, and supporting services. The talk encourages testing these attacks to better understand vulnerabilities in virtualization platforms.

Technology

No , it is not something you can easily audit

We’re going to attack virtualization infrastructure

[object Object],[object Object],[object Object],[object Object]

What's hot

BlueHat v17 || Mitigations for the Masses: From EMET to Windows Defender Exp...BlueHat Security Conference

Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...Jeremiah Grossman

Cracking into embedded devices and beyondamiable_indian

Wordpress securityMehmet Ince

Web application security (eng)Anatoliy Okhotnikov

Don't get stung - an introduction to the OWASP Top 10Barry Dorrans

What should a hacker know about WebDav?Mikhail Egorov

DEF CON 27 - workshop ANTHONY ROSE - introduction to amsi bypasses and sandbo...Felipe Prado

Web Application Firewall: Suckseed or SucceedPrathan Phongthiproek

[CB16] 80時間でWebを一周:クロムミウムオートメーションによるスケーラブルなフィンガープリント by Isaac DawsonCODE BLUE

Serverless Security: Defence Against the Dark ArtsYan Cui

Php web app security (eng)Anatoliy Okhotnikov

Hypervisor Security - OpenStack Summit Hong KongRobert Clark

Mikhail Egorov - Hunting for bugs in Adobe Experience Manager webappshacktivity

Neat tricks to bypass CSRF-protectionMikhail Egorov

[CB16] Esoteric Web Application Vulnerabilities by Andrés RianchoCODE BLUE

Hacking Adobe Experience Manager sitesMikhail Egorov

In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...Jakub Kałużny

Anatomy of Exploit Kitssecurityxploded

Fosdem10wremes

What's hot (20)

BlueHat v17 || Mitigations for the Masses: From EMET to Windows Defender Exp...

Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...

Cracking into embedded devices and beyond

Wordpress security

Web application security (eng)

Don't get stung - an introduction to the OWASP Top 10

What should a hacker know about WebDav?

DEF CON 27 - workshop ANTHONY ROSE - introduction to amsi bypasses and sandbo...

Web Application Firewall: Suckseed or Succeed

[CB16] 80時間でWebを一周:クロムミウムオートメーションによるスケーラブルなフィンガープリント by Isaac Dawson

Serverless Security: Defence Against the Dark Arts

Php web app security (eng)

Hypervisor Security - OpenStack Summit Hong Kong

Mikhail Egorov - Hunting for bugs in Adobe Experience Manager webapps

Neat tricks to bypass CSRF-protection

[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho

Hacking Adobe Experience Manager sites

In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...

Anatomy of Exploit Kits

Fosdem10

Viewers also liked

[1] DOCTOR BOVE - HOME STAGING PROJECT - MARCH 2017 Carolina Ruiz Amo

"INSTRUMENTOS FINANCIEROS PARA EMPRENDEDORES/AS"Carolina Ruiz Amo

EL SUMO PONTIFICE ROMANOFranc.J. Vasquez.M

Controladores de tensión ACDavid Sanchez Tomaselli

135140 9th line Robert Porteous

Como hacer un libroAndrea López Martínez

897 concession 10 & 11 cochraneRobert Porteous

Book presentation URBAN OASIS - DIARIO DE JEREZ Carolina Ruiz Amo

Standing on the cloudsClaudio Criscione

результаты деятельности дооdenchk

Regulamento Oficial do 10º Regional UCASFUCASF

Tributario Lucila Suárezkertydevargas

IKP Knowledge Park & IKP-EDEN™ IKP-Engineering Design Entrepreneurship NetworkTiE Bangalore

Dossier Doctor Bove - Home Staging - March 2017Carolina Ruiz Amo

Ankur ppt demandANKUR KUMAR

409031 grey road 4Robert Porteous

Viewers also liked (16)

[1] DOCTOR BOVE - HOME STAGING PROJECT - MARCH 2017

"INSTRUMENTOS FINANCIEROS PARA EMPRENDEDORES/AS"

EL SUMO PONTIFICE ROMANO

Controladores de tensión AC

135140 9th line

Como hacer un libro

897 concession 10 & 11 cochrane

Book presentation URBAN OASIS - DIARIO DE JEREZ

Standing on the clouds

результаты деятельности доо

Regulamento Oficial do 10º Regional UCASF

Tributario Lucila Suárez

IKP Knowledge Park & IKP-EDEN™ IKP-Engineering Design Entrepreneurship Network

Dossier Doctor Bove - Home Staging - March 2017

Ankur ppt demand

409031 grey road 4

Similar to Virtually Pwned Pentesting Virtualization Security

How to configure esx to pass an auditConcentrated Technology

The Good The Bad The VirtualClaudio Criscione

Technical Architecture of RASP TechnologyPriyanka Aash

Hardening cassandra q2_2016zznate

Securing Cassandra for ComplianceDataStax

Kioptrix 2014 5Jayesh Patel

Defending Against Attacks With RailsTony Amoyal

Windows Attacks AT is the new blackRob Fuller

Windows attacks - AT is the new blackChris Gates

PHP Secure ProgrammingBalavignesh Kasinathan

FIWARE Wednesday Webinars - How to Secure IoT DevicesFIWARE

[CB20] Operation I am Tom: How APT actors move laterally in corporate network...CODE BLUE

ZertoCON_Support_Toolz.pdftestslebew

Wifi Security, or Descending into Depression and DrinkSecurityTube.Net

Bridging the Gap: Lessons in Adversarial Tradecraftenigma0x3

Moving applications to the cloudSergejus Barinovas

Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationAnant Shrivastava

Positive Technologies - S4 - Scada under x-raysqqlan

Avoiding Cross Site Scripting - Not as easy as you might thinkErlend Oftedal

Unusual Web Bugsamiable_indian

Similar to Virtually Pwned Pentesting Virtualization Security (20)

How to configure esx to pass an audit

The Good The Bad The Virtual

Technical Architecture of RASP Technology

Hardening cassandra q2_2016

Securing Cassandra for Compliance

Kioptrix 2014 5

Defending Against Attacks With Rails

Windows Attacks AT is the new black

Windows attacks - AT is the new black

PHP Secure Programming

FIWARE Wednesday Webinars - How to Secure IoT Devices

[CB20] Operation I am Tom: How APT actors move laterally in corporate network...

ZertoCON_Support_Toolz.pdf

Wifi Security, or Descending into Depression and Drink

Bridging the Gap: Lessons in Adversarial Tradecraft

Moving applications to the cloud

Null bhopal Sep 2016: What it Takes to Secure a Web Application

Positive Technologies - S4 - Scada under x-rays

Avoiding Cross Site Scripting - Not as easy as you might think

Unusual Web Bugs

Recently uploaded

Key Features Of Token Development (1).pptxLBM Solutions

CloudStudio User manual (basic edition):comworks

Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida

Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi

DMCC Future of Trade Web3 - Special EditionDubai Multi Commodity Centre

Artificial intelligence in the post-deep learning eraDeakin University

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106

Understanding the Laravel MVC ArchitecturePixlogix Infotech

WordPress Websites for Engineers: Elevate Your Brandgvaughan

Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service9953056974 Low Rate Call Girls In Saket, Delhi NCR

Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University

Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK

costume and set research powerpoint presentationphoebematthew05

SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren

E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxnull - The Open Security Community

My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer

Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed

Install Stable Diffusion in windows machinePadma Pradeep

Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson

My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar

Recently uploaded (20)

Key Features Of Token Development (1).pptx

CloudStudio User manual (basic edition):

Science&tech:THE INFORMATION AGE STS.pdf

Vertex AI Gemini Prompt Engineering Tips

DMCC Future of Trade Web3 - Special Edition

Artificial intelligence in the post-deep learning era

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics

Understanding the Laravel MVC Architecture

WordPress Websites for Engineers: Elevate Your Brand

Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service

Nell’iperspazio con Rocket: il Framework Web di Rust!

Unblocking The Main Thread Solving ANRs and Frozen Frames

costume and set research powerpoint presentation

SQL Database Design For Developers at php[tek] 2024

E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx

My INSURER PTE LTD - Insurtech Innovation Award 2024

Scanning the Internet for External Cloud Exposures via SSL Certs

Install Stable Diffusion in windows machine

Are Multi-Cloud and Serverless Good or Bad?

My Hashitalk Indonesia April 2024 Presentation