Cloudburst Hacking 3D and Breaking Out of VMware Kostya Kortchinsky Black Hat - USA - 2009

Channel:
United States All Hacking Cons
Subscribers:
5,970
Published on ● Video Link: https://www.youtube.com/watch?v=69PmZJXaUqY


Duration: 1:06:24
88 views
2

Cloudburst: Hacking 3D (and Breaking Out of VMware)

Virtualization is everywhere, and VMware is a major actor in the domain. A MacOS user running a Windows only application in a Fusion guest. A malware researcher analysing the latest Conficker in a Workstation guest. A big company running a cloud virtualized on some ESX servers. All of them rely on the security offered by the virtualization software, as a breakout would have disastrous consequences.

Yet VMware products include implement a lot of functionality, and as such have a decent chance to include some bugs. CLOUDBURST is the combination of 3 of those found in the virtualized video device (more specifically the 3D code). Combined, these allow a user in a Guest to execute code on the Host. Since the virtualized device code is the same for all the branches of the products, this impacts Workstation, as well as Fusion or ESX. Immunity, Inc. will present the various vulnerabilities and the techniques used to exploit the bug reliably, even on platforms with ASLR or DEP such as Vista SP1. Once exploited, Immunity will demonstrate how to establish MOSDEF between the Host and Guest.

Black Hat - USA - 2009
Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security



Other Videos By All Hacking Cons


2021-12-28Clobbering the Cloud Haroon Meer, Nick Arvanitis, Marco Slaviero
2021-12-28Netscreen of the Dead Graeme Neilson Black Hat - USA - 2009
2021-12-28Fight Against 1 Day Exploits Jeongwook Oh Black Hat - USA - 2009
2021-12-28Hacker Court 2 2 Panel Black Hat - USA - 2009
2021-12-28Our Favorite XSS Filters and How to Attack Them Eduardo Vela Nava, David Lindsay
2021-12-28A 16 bit Rootkit and Second Generation Zigbee Chips Travis Goodspeed
2021-12-28Cloud Computing Models and Vulnerabilities Raining on the Trendy New Parade Alex Stamos, Andrew
2021-12-28Re-conceptualizing Security Bruce Schneier Black Hat - USA - 2009
2021-12-28Hacking the Smart Grid Tony Flick Black Hat - USA - 2009
2021-12-28A Black Hat Vulnerability Risk Assessment Panel Black Hat - USA - 2009
2021-12-28Cloudburst Hacking 3D and Breaking Out of VMware Kostya Kortchinsky Black Hat - USA - 2009
2021-12-28How Economics and Information Security Affects Cyber Crime Peter Guerra Black Hat - USA - 2009
2021-12-28I Just Found 10 Million SSNs Alessandro Acquisti Black Hat - USA - 2009
2021-12-28Computer Crime Year in Review Jennifer Granick Black Hat - USA - 2009
2021-12-28Advanced Mac OS X Rootkits Dino Dai Zovi Black Hat - USA - 2009
2021-12-28Lockpicking Forensics Datagram Black Hat - USA - 2009
2021-12-28Internet Special Ops Andrew Fried, Paul Vixie, Christopher Lee Black Hat - USA - 2009
2021-12-28Advanced MySQL Exploitation Muhaimin Dzulfakar Black Hat - USA - 2009
2021-12-28Long-Term Sessions: This Is Why We Can't Have Nice Things Steve Ocepek
2021-12-28CSO Panel Black Hat Strategy Meeting Panel Black Hat - USA - 2009
2021-12-28Introducing Ring 3 Rootkits Alexander Tereshkin & Rafal Wojtczuk Black Hat - USA - 2009


Tags:
data
hacker
security
computer
cyber
internet
technology
hacking
attack
digital
virus
information
hack
online
crime
password
code
web
concept
thief
protection
network
scam
fraud
malware
secure
identity
criminal
phishing
software
access
safety
theft
system
firewall
communication
business
privacy
binary
account
spy
programmer
program
spyware
hacked
hacking conference
conference
2022
2021
cybersecurity
break in
google
securing
exploit
recon
social engineering
KOSTYA KORTCHINSKY