Explore a critical vulnerability in the Xen hypervisor through this Black Hat conference talk. Delve into the Xen Project's virtualization platform, which powers major cloud infrastructures. Learn about the hypervisor's role in managing CPU/MMU and guest operating systems, including the differences between PV and HVM modes. Discover how the speaker's team uncovered a verification bypass bug inspired by the Ouroboros symbol. Understand the potential impact of this vulnerability, which could allow a malicious PV guest OS to gain control over the hypervisor and other guest operating systems. Gain insights into specific exploitation vectors and payloads used to exploit this security flaw in one of the most widely used virtualization platforms.
Overview
Syllabus
Ouroboros: Tearing Xen Hypervisor With the Snake
Taught by
Black Hat
Related Courses
-
Advanced Exploitation - Xen Hypervisor VM Escape
-
Who Watches the Watcher - Detecting Hypervisor Introspection from Unprivileged Guests
-
Xenpwn - Breaking Paravirtualized Devices
-
My Ticks Don't Lie - New Timing Attacks for Hypervisor Detection
-
Myth and Truth About Hypervisor-Based Kernel Protector - The Reason Why You Need Shadow-Box
-
Poacher Turned Gamekeeper - Lessons Learned from Eight Years of Breaking Hypervisors
