Operational Detection of Guest-to-Host Compromise via QEMU Process Telemetry
This research investigates the operational detection of guest-to-host compromise (VM escape) in QEMU-based virtualized environments using host-level process telemetry.
VM escape — where an attacker breaks out of a virtual machine to gain control of the underlying host — is one of the most consequential attacks in cloud and multi-tenant infrastructure. Existing detection methods like Virtual Machine Introspection (VMI) provide strong isolation from attacker manipulation but introduce a "semantic gap": reconstructing meaningful OS behavior from raw memory state increases analytical complexity and delays detection.
This project explores an alternative. Because the QEMU process is the first host-side component any escaping attacker must interact with, monitoring it directly using `auditd` can surface anomalous behavior — unexpected shell execution, access to sensitive host resources — at the moment of compromise rather than after post-exploitation activity has begun.
Video "Operational Detection of Guest-to-Host Compromise via QEMU Process Telemetry" from the channel Josh Buckwald
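An added example, not taken from the video or its author: a minimal Python pass over auditd execve records that flags a non-QEMU binary (such as a shell) started by a QEMU process or one of its descendants, which is the signal the description above proposes. The log lines are constructed; the audit rule key `qemu_exec`, the x86_64 syscall numbers and the `qemu-system-` name match are assumptions.

```python
import re
from pathlib import PurePosixPath

# Constructed, trimmed auditd SYSCALL records (x86_64). The key "qemu_exec" is a
# hypothetical name for an execve audit rule; pids and paths are made up.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1715400000.101:310): arch=c000003e syscall=59 success=yes exit=0 ppid=900 pid=4100 comm="qemu-system-x86" exe="/usr/bin/qemu-system-x86_64" key="qemu_exec"
type=SYSCALL msg=audit(1715400050.220:355): arch=c000003e syscall=59 success=yes exit=0 ppid=2000 pid=2100 comm="sh" exe="/usr/bin/dash" key="qemu_exec"
type=SYSCALL msg=audit(1715400200.007:412): arch=c000003e syscall=59 success=yes exit=0 ppid=4100 pid=4177 comm="sh" exe="/usr/bin/dash" key="qemu_exec"
type=SYSCALL msg=audit(1715400200.950:413): arch=c000003e syscall=59 success=yes exit=0 ppid=4177 pid=4178 comm="cat" exe="/usr/bin/cat" key="qemu_exec"
type=SYSCALL msg=audit(1715400201.300:414): arch=c000003e syscall=59 success=no exit=-2 ppid=4100 pid=4180 comm="qemu-system-x86" exe="/usr/bin/qemu-system-x86_64" key="qemu_exec"
""".splitlines()

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
EXEC_SYSCALLS = {"59", "322"}  # execve and execveat on x86_64 (arch=c000003e)

def parse(line):
    """Turn one auditd record into a dict of its key=value fields."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}

def is_qemu(exe):
    """Assumption: QEMU system emulators are named qemu-system-<arch>."""
    return PurePosixPath(exe).name.startswith("qemu-system-")

def detect(lines):
    """Alert on a successful exec of a non-QEMU binary by a QEMU pid or its descendants."""
    watched = set()  # pids seen running QEMU, plus pids already alerted on
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec.get("type") != "SYSCALL" or rec.get("syscall") not in EXEC_SYSCALLS:
            continue
        if rec.get("success") != "yes":
            continue  # failed exec: the process image did not change
        pid, ppid, exe = rec.get("pid"), rec.get("ppid"), rec.get("exe", "")
        if is_qemu(exe):
            watched.add(pid)  # normal VM start: remember the QEMU pid
        elif pid in watched or ppid in watched:
            # Covers both exec-in-place (same pid) and fork-then-exec (child pid).
            watched.add(pid)
            alerts.append({"pid": pid, "ppid": ppid, "exe": exe, "event": rec.get("msg")})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print("ALERT", alert)
```

Deployments where QEMU legitimately launches helper programs would need an allow-list for those paths before alerting on every match.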
Video information
May 11, 2026, 12:00:50
00:11:11