November 26th, 2014

VM escaping

I’m pretty surprised this hasn’t been more highly publicized in the last week, but I guess that everyone is recovering from defcon/blackhat/sansfire. Apparently there was a recent VMware escaping demo given at SANSfire this year. There were a few new tools demo’d (my favorite by name alone would have to be either “VMdrag-n-hack” or possibly “VMdrag-n-sploit”) with some pretty interesting capabilities. While details are a little light on the actual escaping exploit, it seems they did show a live demo of an exploit that was able to crash a guest OS and run code on the host OS. This has obvious, amazingly crazy implications since many people use VMware not only for malware analysis, but also for general segregation of services/vhosts/applications/OSs/etc. with the assumption that each guest is securely isolated from the others. The bottom line is that this is not a safe assumption and precautions should be taken against any shared medium, despite its logical separation.

Thanks to Larry of paul dot com security weekly for hanging out with us at the kenshoto party and telling us about this at defcon on Saturday.
