Exploiting Hypervisors

From March 16, 2015 to March 17, 2015

In the age of omnipresent virtualization, the security posture of the hypervisor is crucial to ensure the security posture of virtualized landscapes. Even though hypervisors are designed and implemented with security in mind, they may offer a broad attack surface to malicious users. Hence the thorough assessment of hypervisors is still essential for security sensitive environments. In this workshop, we will discuss different popular hypervisors: VMware ESXi, Microsoft’s Hyper-V and the open-source solutions Xen hypervisor and VirtualBox. Participants will learn about the architecture, implementation and security pitfalls of these platforms and will analyze and exploit three recent vulnerabilities in these hypervisors. The goal is to foster a better understanding of the security implications of hypervisors and appropriate mitigation strategies.





Agenda Day 1


VMDK Has Left the Building

Agenda Day 2



Xen Sysret

Matthias Luft

Matthias Luft is a security researcher and heads the German security research company ERNW Research. He is interested in a broad range of topics (such as DLP, virtualization, and network security) while keeping up with the daily consulting and assessment work.

Felix Wilhelm

Felix is a security researcher working for ERNW GmbH. His main interests are application security, reverse engineering and virtualization security. Felix has disclosed critical vulnerabilities in popular software such as Hyper-V, Xen, Typo3 or IBM GPFS and has presented his work at international conferences like PHDays, Hack in the Box, Infiltrate and Troopers.