A Practical Attack Against VDI Solutions

Channel:
United States All Hacking Cons
Subscribers:
5,970
Published on ● Video Link: https://www.youtube.com/watch?v=iIlhY8T-tcE


Duration: 47:58
6 views
0

The secure BYOD hype is growing and Virtual Desktop Infrastructure (VDI) is considered the alternative solution for secure containers. In a nutshell, VDI solutions provide a remote workstation offering so that no data is stored locally. We decided to examine the architecture and see for ourselves whether VDI delivers on its security promise.

In this engaging session, we demonstrate a proof-of-concept attack where a malicious app leverages screen scraping to exfiltrate data through common VDI platforms. By simulating the user's interaction, we show how such an attack is not only feasible - but also efficient. While keeping the espionage activity invisible both from client-side and server-side malware detection measures, the attacker can automate the process and ultimately render the VDI solution ineffective.

PRESENTED BY
Daniel Brodie, Michael Shaulov

Black Hat - USA - 2014 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security



Other Videos By All Hacking Cons


2022-01-02Babar ians at the Gate Data Protection at Massive Scale
2022-01-02Exposing Bootkits with BIOS Emulation
2022-01-02Attacking Mobile Broadband Modems Like a Criminal Would
2022-01-02Creating a Spider Goat Security with Intel CPU Transactional Memory Support
2022-01-02APT Attribution and DNS Profiling
2022-01-02Exploiting Unpatched iOS Vulnerabilities for Fun and Profit
2022-01-02Contemporary Automatic Program Analysis
2022-01-02Android FakeID Vulnerability Walkthrough
2022-01-02Full System Emulation Achieving Successful Automated Dynamic Analysis of Evasive Malware
2022-01-02Breaking the Security of Physical Devices by Silvio Cesare
2022-01-02A Practical Attack Against VDI Solutions
2022-01-02Bringing Software Defined Radio to the Penetration Testing Community
2022-01-02Building Safe Systems at Scale Lessons from Six Months at Yahoo
2022-01-02A Scalable, Ensemble Approach for Building and Visualizing Deep Code Sharing Networks
2022-01-02GRR Find All the Badness, Collect All the Things
2022-01-02A Survey of Remote Automotive Attack Surfaces
2022-01-02Call To Arms A Tale of the Weaknesses of Current Client Side XSS Filtering
2022-01-02Hacking the Wireless World with Software Defined Radio 2 0
2022-01-02Abuse of CPE Devices and Recommended Fixes
2022-01-02Abusing Microsoft Kerberos Sorry You Guys Don't Get It
2022-01-02Capstone Next Generation Disassembly Framework


Tags:
data
hacker
security
computer
cyber
internet
technology
hacking
attack
digital
virus
information
hack
online
password
code
web
concept
protection
network
malware
secure
criminal
software
access
safety
theft
system
firewall
communication
business
privacy
binary
account
spy
programmer
program
spyware
hacked
hacking conference
conference
learn
how to
2022
2021
cybersecurity
owned
break in
google
securing
exploit
exploitation
recon
social engineering
vdi
Daniel Brodie
Michael Shaulov