Virtually Pwned Pentesting Virtualization Security

•

4 likes•2,550 views

The document discusses attacking virtualization infrastructure through various exploits. It presents the Virtualization ASsessment TOolkit (VASTO) which is an exploit pack focusing on virtualization and cloud security. It then demonstrates several exploits against VMware virtualization software, including path traversal exploits, session hijacking, and code execution exploits affecting the vCenter management console, ESXi hypervisor, and supporting services. The talk encourages testing these attacks to better understand vulnerabilities in virtualization platforms.

Technology

No , it is not something you can easily audit

We’re going to attack virtualization infrastructure

[object Object],[object Object],[object Object],[object Object]

What's hot

BlueHat v17 || Mitigations for the Masses: From EMET to Windows Defender Exp...BlueHat Security Conference

Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...Jeremiah Grossman

Cracking into embedded devices and beyondamiable_indian

Wordpress securityMehmet Ince

Web application security (eng)Anatoliy Okhotnikov

Don't get stung - an introduction to the OWASP Top 10Barry Dorrans

What should a hacker know about WebDav?Mikhail Egorov

DEF CON 27 - workshop ANTHONY ROSE - introduction to amsi bypasses and sandbo...Felipe Prado

Web Application Firewall: Suckseed or SucceedPrathan Phongthiproek

[CB16] 80時間でWebを一周:クロムミウムオートメーションによるスケーラブルなフィンガープリント by Isaac DawsonCODE BLUE

Serverless Security: Defence Against the Dark ArtsYan Cui

Php web app security (eng)Anatoliy Okhotnikov

Hypervisor Security - OpenStack Summit Hong KongRobert Clark

Mikhail Egorov - Hunting for bugs in Adobe Experience Manager webappshacktivity

Neat tricks to bypass CSRF-protectionMikhail Egorov

[CB16] Esoteric Web Application Vulnerabilities by Andrés RianchoCODE BLUE

Hacking Adobe Experience Manager sitesMikhail Egorov

In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...Jakub Kałużny

Anatomy of Exploit Kitssecurityxploded

Fosdem10wremes

What's hot (20)

BlueHat v17 || Mitigations for the Masses: From EMET to Windows Defender Exp...

Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...

Cracking into embedded devices and beyond

Wordpress security

Web application security (eng)

Don't get stung - an introduction to the OWASP Top 10

What should a hacker know about WebDav?

DEF CON 27 - workshop ANTHONY ROSE - introduction to amsi bypasses and sandbo...

Web Application Firewall: Suckseed or Succeed

[CB16] 80時間でWebを一周:クロムミウムオートメーションによるスケーラブルなフィンガープリント by Isaac Dawson

Serverless Security: Defence Against the Dark Arts

Php web app security (eng)

Hypervisor Security - OpenStack Summit Hong Kong

Mikhail Egorov - Hunting for bugs in Adobe Experience Manager webapps

Neat tricks to bypass CSRF-protection

[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho

Hacking Adobe Experience Manager sites

In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...

Anatomy of Exploit Kits

Fosdem10

Viewers also liked

[1] DOCTOR BOVE - HOME STAGING PROJECT - MARCH 2017 Carolina Ruiz Amo

"INSTRUMENTOS FINANCIEROS PARA EMPRENDEDORES/AS"Carolina Ruiz Amo

EL SUMO PONTIFICE ROMANOFranc.J. Vasquez.M

Controladores de tensión ACDavid Sanchez Tomaselli

135140 9th line Robert Porteous

Como hacer un libroAndrea López Martínez

897 concession 10 & 11 cochraneRobert Porteous

Book presentation URBAN OASIS - DIARIO DE JEREZ Carolina Ruiz Amo

Standing on the cloudsClaudio Criscione

результаты деятельности дооdenchk

Regulamento Oficial do 10º Regional UCASFUCASF

Tributario Lucila Suárezkertydevargas

IKP Knowledge Park & IKP-EDEN™ IKP-Engineering Design Entrepreneurship NetworkTiE Bangalore

Dossier Doctor Bove - Home Staging - March 2017Carolina Ruiz Amo

Ankur ppt demandANKUR KUMAR

409031 grey road 4Robert Porteous

Viewers also liked (16)

[1] DOCTOR BOVE - HOME STAGING PROJECT - MARCH 2017

"INSTRUMENTOS FINANCIEROS PARA EMPRENDEDORES/AS"

EL SUMO PONTIFICE ROMANO

Controladores de tensión AC

135140 9th line

Como hacer un libro

897 concession 10 & 11 cochrane

Book presentation URBAN OASIS - DIARIO DE JEREZ

Standing on the clouds

результаты деятельности доо

Regulamento Oficial do 10º Regional UCASF

Tributario Lucila Suárez

IKP Knowledge Park & IKP-EDEN™ IKP-Engineering Design Entrepreneurship Network

Dossier Doctor Bove - Home Staging - March 2017

Ankur ppt demand

409031 grey road 4

Similar to Virtually Pwned Pentesting Virtualization Security

How to configure esx to pass an auditConcentrated Technology

The Good The Bad The VirtualClaudio Criscione

Technical Architecture of RASP TechnologyPriyanka Aash

Hardening cassandra q2_2016zznate

Securing Cassandra for ComplianceDataStax

Kioptrix 2014 5Jayesh Patel

Defending Against Attacks With RailsTony Amoyal

Windows Attacks AT is the new blackRob Fuller

Windows attacks - AT is the new blackChris Gates

PHP Secure ProgrammingBalavignesh Kasinathan

FIWARE Wednesday Webinars - How to Secure IoT DevicesFIWARE

[CB20] Operation I am Tom: How APT actors move laterally in corporate network...CODE BLUE

ZertoCON_Support_Toolz.pdftestslebew

Wifi Security, or Descending into Depression and DrinkSecurityTube.Net

Bridging the Gap: Lessons in Adversarial Tradecraftenigma0x3

Moving applications to the cloudSergejus Barinovas

Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationAnant Shrivastava

Positive Technologies - S4 - Scada under x-raysqqlan

Avoiding Cross Site Scripting - Not as easy as you might thinkErlend Oftedal

Unusual Web Bugsamiable_indian

Similar to Virtually Pwned Pentesting Virtualization Security (20)

How to configure esx to pass an audit

The Good The Bad The Virtual

Technical Architecture of RASP Technology

Hardening cassandra q2_2016

Securing Cassandra for Compliance

Kioptrix 2014 5

Defending Against Attacks With Rails

Windows Attacks AT is the new black

Windows attacks - AT is the new black

PHP Secure Programming

FIWARE Wednesday Webinars - How to Secure IoT Devices

[CB20] Operation I am Tom: How APT actors move laterally in corporate network...

ZertoCON_Support_Toolz.pdf

Wifi Security, or Descending into Depression and Drink

Bridging the Gap: Lessons in Adversarial Tradecraft

Moving applications to the cloud

Null bhopal Sep 2016: What it Takes to Secure a Web Application

Positive Technologies - S4 - Scada under x-rays

Avoiding Cross Site Scripting - Not as easy as you might think

Unusual Web Bugs

Recently uploaded

Scale your database traffic with Read & Write split using MySQL RouterMydbops

A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3

Time Series Foundation Models - current state and future directionsNathaniel Shimoni

How to write a Business Continuity PlanDatabarracks

Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes

[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra

The State of Passkeys with FIDO Alliance.pptxLoriGlavin3

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada

Sample pptx for embedding into website for demoHarshalMandlekar2

Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen

Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3

Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda

DevEX - reference for building teams, processes, and platformsSergiu Bodiu

Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani

The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3

Rise of the Machines: Known As Drones...Rick Flair

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada

So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda

Manual 508 Accessibility Compliance AuditSkynet Technologies

Recently uploaded (20)

Scale your database traffic with Read & Write split using MySQL Router

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx

Time Series Foundation Models - current state and future directions

How to write a Business Continuity Plan

Assure Ecommerce and Retail Operations Uptime with ThousandEyes

[Webinar] SpiraTest - Setting New Standards in Quality Assurance

The State of Passkeys with FIDO Alliance.pptx

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024

Sample pptx for embedding into website for demo

Testing tools and AI - ideas what to try with some tool examples

Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx

Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...

DevEX - reference for building teams, processes, and platforms

Potential of AI (Generative AI) in Business: Learnings and Insights

The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx

Rise of the Machines: Known As Drones...

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024

So einfach geht modernes Roaming fuer Notes und Nomad.pdf

Manual 508 Accessibility Compliance Audit