The presentation claims to demonstrate the following Xen vulnerabilities/exploits:
- practical ways to stealthily use DMA to control all physical memory
- Xen loadable backdoor modules framework - a description of a set of tools that make it easy to load compiled C code into the Xen hypervisor (similar to how Linux kernel modules work)
- implementation of a backdoor residing in hypervisor space (and so invisible from the hosted operating system), allowing remote command execution
- implementation of a backdoor residing in a hidden, unprivileged domain, allowing remote command execution in dom0
https://www.blackhat.com/html/