Virtually Hacking

Presented at DEF CON 16 (2008), Aug. 8, 2008, 6 p.m. (50 minutes)

Own the VMware box and you get half the servers on the network for free. Although, depending on the VMware server's configuration, whether you want to be stealthy about it, and whether you want to avoid any disruption, it may not always be quite that simple. During this talk we will take a look at ways of jumping from a server to guest OS without causing any disruption and also some tools for assessing the security posture of VMware products. With VMware becoming an integral part of many networks it is important that the security level of its deployment is assessed appropriately. Without the right tools to do the job this can be a slow and painful task; with the right tools you can have a lot of fun. I'll demo some tools which I have been working on that harness the power of dradis and make testing and possibly owning VMware servers and VMs a virtually painless task.

Presenters:

  • John Fitzpatrick - Information Security Consultant - MWR InfoSecurity
    John Fitzpatrick is an information security consultant working in the UK for MWR InfoSecurity performing penetration and application tests. His primary interests are in searching for security issues in anything that might make a network a playground and in writing code that does fun things. John is always researching some protocol, software or technology, generally with the goal of breaking it or finding a new interesting attack vector; most recently this research has been targeted towards VMware. He is also highly experienced in a technique which enables him to code all night and still turn up to work in the mornings.
