Interesting Defcon Presentations

emgemg Veteran

I just returned from Defcon. While I was there, I saw many presentations. Three of the presentations that I saw might interest the people here. Defcon will make the videos and slides available on the Internet in a few months. These titles and summaries are my own.

Student and Professor Test for Flaws in Layer 2 Virtual Networking - Virtual Switches, etc.:

They tested previously known attacks on network hardware, but applied them to the virtual network devices in Xen, Hyper-V, and others. No surprise, the virtual network devices did not do well against those attacks. I was disappointed that they did not mention OpenVZ - I would have been curious to know what they found, but I assume they did not test it.

https://www.defcon.org/html/defcon-23/dc-23-speakers.html#Bull

New Ways to Attack Hypervisors by Compromising the Firmware on the Physical Computers Where They Run:

Very dry and technical. Basically, persistent malware in the physical computer's firmware installs a backdoor in the hypervisor. The attacker controls an evil virtual machine running on the same hardware. The evil virtual machine uses the backdoor in the hypervisor to attack other virtual machines that run on the same hardware. Interesting work, but the challenge for the attacker is modifying the firmware on the physical computer. The speakers showed ways to do it, but they all seemed to require access that is not typical unless you own the hardware.

https://www.defcon.org/html/defcon-23/dc-23-speakers.html#Bulygin

Hidden Communications Between Virtual Machines through the CPU Instruction Cache:

This was brilliant. The speaker realized that the instruction cache pipeline on a CPU could leak information between two virtual machines running in a hyperthreaded core, based on the timing. He set up carefully crafted long and short CPU instructions on one virtual machine, and let the other virtual machine run NOPs. Long pauses (due to contention) represented a 1, short ones represented a zero. Insert lots of very clever steps here, as the speaker overcame one hurdle after another until he got the two virtual machines to communicate. Add error correction, and he had a reliable 9 Mbit/sec covert channel between the two virtual machines. At the end of his presentation, for the icing on the cake, he demonstrated running a remote shell from one VM on the other.

https://www.defcon.org/html/defcon-23/dc-23-speakers.html#Martineau

Thanked by 2: souvarine, raindog308
