Explore a critical security vulnerability in VMware's API that could allow insider threats to escalate privileges and bypass crucial security measures. Delve into how enterprises commonly use VMware's security model to separate infrastructure and guest machine domains, restricting IT teams from accessing sensitive data inside administered machines. Learn about a discovered method to exploit VMware's API, potentially enabling malicious insiders to manipulate files and interact with guest machine consoles despite lacking proper permissions. Gain insights into this 20-minute Black Hat conference talk by Ofri Ziv, which highlights the importance of robust security measures and the potential risks associated with seemingly secure virtualization environments.
Overview
Syllabus
Escalating Insider Threats Using VMware's API
Taught by
Black Hat
Related Courses
-
Detecting Insider Threats Using Blockchains - 2019
-
The Enemy Within - Detecting and Mitigating Insider Threats
-
Insider Threat Kill Chain - Human Indicators of Compromise
-
Insider Threats Packing Their Bags With Corporate Data
-
Rob, Replicate and Replace - China’s Global Technology Theft and How to Confront It
-
Well, That Escalated Quickly! How Abusing Docker API Led to Remote Code Execution, Same Origin Bypass and Persistence in the Hypervisor via Shadow Containers
