Friday, August 8, 2008

Hacking Xen

I just got this link from Chris Sears on the Google Cloud Computing Group. There seems to be an upcoming presentation at the Blackhat conference on how to hack Xen. Let's hope Amazon reviews the presentation before any hacker do.

The presentation claims to demonstrate the following Xen vulnerabilities/exploits:

- practical ways to stealthly use DMA to control all physical memory
- Xen loadable backdoor modules framework - description of a set of tools allowing to easily load compiled C code into Xen hypervisor (similarly to how Linux kernel modules work)
- implementation of a backdoor residing in hypervisor space (so, invisible from the hosted operating system), allowing for remote commands execution
- implementation of a backdoor residing in a hidden, unprivileged domain, allowing for remote commands execution in dom0

https://www.blackhat.com/html/bh-usa-08/bh-usa-08-speakers.html#Wojtczuk

#DigitalNibbles Podcast Sponsored by Intel

If you would like to be a guest on the show, please get in touch.

Instagram