Virtualisation: There is No Spoon

April 23, 2008 (at 11:30 a.m.) in Attacks

Virtualised technologies are being lapped up left, right and centre by corporates committed to the cash savings they promise. Sadly, the savings that can be gleaned are not without attendant risk. Instead of nice normal networks that people can understand, many vendors are offering networks in a box. As well as being lovely single points of failure, they have a number of risks that remain largely unexplored. Research has already been conducted around VMware, but there still exists a fundamental flaw that no-one seems to have spotted. This talk will illustrate why and how virtualisation works and what the difference is between what the vendors say and how it is being implemented in RL, and will discuss a theoretical vulnerability that, if it can be exploited, can bring down the house of cards. Additionally, if it can be made to work pre-con, a significant vulnerability in Active Directory will be demonstrated, not for any particular reasons of relevance, but because it is very, very amusing.

Michael Kemp

Michael is an experienced UK-based security consultant, with a specialism in the penetration testing of web applications and the testing of compiled code bases and DB environments to destruction. As well as the day job, Michael has been published in a range of journals and magazines, including heise, Network Security, Inform IT and Security Focus, and is currently preparing his first book-length technical manuscript. To date, Michael has worked for NGS Software, CSC (Computer Sciences Corporation), and a host of freelance clients throughout the globe. When not breaking things, Michael enjoys loud music, bad movies, weird books and writing about himself in the third person.