Claudio Criscione(editor at virtualization.info)

Virtually Pwned: Pentesting VMware

Virtualization systems are nowadays ubiquitus in enterprises of any size. Penetration testers and security auditors, however, often overlook virtualization infrastructures, simply looking at the virtual machines without any direct analysis of the underlying solution, not to mention those analyses simply marking virtual environments as \\\"not-compliant\\\". A different, new approach is required to assess such systems, defining new targets and new ways to get there. This talk will outline a pentesting-oriented set of steps which can be performed to attack virtualization infrastructures: VMware will be used as the demo target, leveraging VASTO as the Metasploit powered attack platform.

Sobre Claudio Criscione

Claudio managed to score his first hack at the age of 10, to download more contents from the local BBS bypassing ratio restrictions. After that he hacked his way to graduation at Milano TU and started his PhD while working as the principal consultant at Secure Network. He's been involved in web application security and anomaly detection, and then moved into virtualization security to find a new toy. He's the author of VASTO, he presented in various conferences, including BlackHat, CONFidence and Syscan, and he's an editor at virtualization.info

« volver a Speakers

NOVEDADES


diseño: GrafikaWeb