Explore the architecture and vulnerabilities of Hyper-V virtualization technology in this 47-minute Black Hat conference talk. Delve into the complexities of virtualization stacks as a foundation for platform and cloud security. Examine the potential risks associated with guest-to-host exploits. Learn about Hyper-V components, guest partitions, least privilege principles, and the componentized attack surface. Investigate the Hypervisor's kernel and user modes, VM Bus, attack surfaces, VM Bus pipes, and IO entry points. Analyze VM Switch, VPCI, and VMBus communication. Gain insights into the intercepted IO process and reflect on the implications for virtualization security.
A Dive into Hyper-V Architecture and Vulnerabilities
Overview
Syllabus
Introduction
HyperV Architecture
Physical Memory Terminology
HyperV Components
Guest Partitions
Least Privilege
Componentized Attack Surface
Hypervisor
Kernel Mode
User Mode
VM Bus
Attack Surface
VM Bus Pipes
IO Entry Points
Joe Slides
VM Switch
VPCI
VMBus
Communication
intercepted IO
Closing thoughts
Taught by
Black Hat
