Attacking Hypervisors Using Firmware And Hardware
by Yuriy Bulygin & Alexander Matrosov & Mikhail Gorobets & Oleksandr Bazhaniuk
In this presentation, we explore the attack surface of modern hypervisors from the perspective of vulnerabilities in system firmware, such as BIOS, and in hardware emulation. We will demonstrate a number of new attacks on hypervisors based on system firmware vulnerabilities, with impacts ranging from VMM DoS to hypervisor privilege escalation to SMM privilege escalation from within the virtual machines.
We will also show how a firmware rootkit based on these vulnerabilities could expose secrets within virtual machines, and explain how firmware issues can be used for analysis of hypervisor-protected content such as VMCS structures, EPT tables, the host physical address (HPA) map, IOMMU page tables, etc. To enable further hypervisor security testing, we will also be releasing new modules in the open-source CHIPSEC framework to test issues in hypervisors when virtualizing hardware.
Video "Attacking Hypervisors Using Firmware And Hardware" from the Black Hat channel