Overview
Explore the offensive security research techniques used to harden Microsoft's Hyper-V virtualization stack in this 51-minute Black Hat conference talk by security researcher Jordan Rabet. Dive into the importance of virtualization technology in modern security strategies and understand why Hyper-V is held to such high security standards, as evidenced by its public bug bounty program with top awards of $250,000. Learn about the structure of Hyper-V, including its VMSwitch component, then examine a specific vulnerability, an out-of-bounds write, and the role kernel thread stacks play in exploiting it. Discover how KSLR (kernel address space layout randomization, as the syllabus abbreviates it) can be bypassed by leveraging an information leak. Gain insights into effective mitigation strategies, with a focus on the two approaches presented in the talk. Enhance your understanding of virtualization security and offensive research methodologies to better protect critical infrastructure.
Syllabus
Introduction
What is Hyper-V
VMSwitch
Vulnerability
Write out of bounds
Kernel thread stacks
Bypassing KSLR
Info Leak
What to do
First mitigation
Second mitigation
Taught by
Black Hat