Virtualization security has become important both in the data center and on the endpoint. The Advanced Threat Research (ATR) team has made a variety of contributions, including technical descriptions of threats and mitigations as well as tools for assessing particular systems and further research.
Reaching the Far Corners of Matrix: Generic VMM Fingerprinting | 2015-10-15
Last year, there were not many studies on fingerprinting the virtualized environment. This talk fills the gap and provides a generalized approach for VMM fingerprinting and detection. The approach exploits the way VMMs handle ISA corner cases. The presentation outlines the most popular modern VMMs and shows that all of them can be reliably identified with several instructions executed from user mode.
Attacking Hypervisors via Firmware and Hardware | 2015-08-05
At Black Hat USA 2015, the ATR team presented multiple attacks against hypervisors by targeting vulnerabilities in firmware and hardware. This research builds on analysis of hypervisor implementations as well as vulnerabilities in system firmware. If the hypervisor does not fully isolate the system firmware from attacks within a guest VM, security issues in the underlying system may be exposed. This research presented multiple real-world bypasses of hypervisor security using already-known firmware vulnerabilities that happened to be exposed.
Demos from the presentation are available here: