WELCOME!

Hacking Uncovered: VMware®. Advanced VMware® Security: The Latest Threats and Tools. Presented by Duane Anderson of VMTraining – CPTS, CEH, CPTE, CDFE, CWSE, CISSO, CVE, CVSE and Security+.

Presentation Transcript


  1. WELCOME! • Hacking Uncovered: VMware® • Advanced VMware® Security The Latest Threats and Tools Presented by Duane Anderson of VMTraining – CPTS, CEH, CPTE, CDFE, CWSE, CISSO, CVE, CVSE and Security+

  2. Cool Offer! • Free Drawing for 1 seat in the VMware Advanced Security Class with Firebrand.

  3. What are you in for? Hold On! • vSphere Just Another Layer to Attack? • Recent Cases involving VMware • Pen Testing Methodology • Gueststealer • TomCat Zero Day • Directory Traversal • VASTO • Mitigation Techniques • 3rd Party Mitigation Tools

  4. What is Happening today? • VMware – 80% of the Market Share • Do the Tools used in Pen Testing work with virtualization? • Are there hacks being designed just for VMware? • What is this costing us?

  5. The Need is Here!

  6. Time to Discuss • What are the main security concerns associated with virtualization in general? • Segregation of Duties • Accounting/Logging • New APIs • VMsafe • vStorage • vNetwork • VMsafe Virtual Appliances • Plug-Ins • Shared Resources – can they be attacked? • Memory, CPU, Datastore

  7. Virtualization – Just Another Layer to Attack

  8. Web Service

  9. TomCat

  10. VMCI http://pubs.vmware.com/vmci-sdk/VMCI_intro.html

  11. Time to Discuss • Threats • Perceived • Known • Risks • Probability • Potential Impact

  12. Some Vulnerabilities • Secunia Historic Advisories • ESX 4.x • ESXi 4.x • vCenter Server 4.x • nvd.nist.gov • Over 40 Vulnerabilities for VMware Products • McAfee Threats • VMware • ESX Server Heap Buffer Overflow • vCenter Update Manager CSS • vCenter Update Manager Directory Traversal

  13. Chained Exploit Example

  14. Methodology • This does not change, regardless of the environment being tested. • Information Gathering • Scanning • Enumeration • Penetration • Fail • Start Over or tell them great job • Succeed • Escalate Privileges • Steal Data or Leave proof of hack • Cover Tracks • Leave Backdoors

  15. Tools… • Google • NMAP – Since v4.8 • Ettercap • Cain and Abel • Metasploit • Claudio Criscione • VASTO – Virtualization ASsessment TOolkit

  16. Shodan – You have to be kidding me!

  17. Shodan – You have to be kidding me!

  18. Scanning for ESX • We have to find the systems first. • Just like any other service, ESX has its own tells. • NMAP – will give you what you need. • Let's see this in action!

  19. How we understand Fake Certificate Injection to work. • ARP Cache Poisoning will allow us to perform a successful SSL crack! • The hacking tools will create fake certificates. • Two simultaneous SSL connections are established. One between the victim and the hacker, the other between the hacker and the real server. • The communication process starts on port 443 and once the SSL authentication has been established VMware moves the communication to port 902. • [Diagram labels: SSL request; SSL reply (Real Self Signed Cert); SSL reply (Fake certificate); Stop, Copy & Alter; ESX Server; Cleartext]

  20. Stealing the Password • VIC Client Login

  21. DECISION TIME!

  22. Password Revealed…

  23. Screenshots • You are still vulnerable even if you use vCenter. • I can offer this: • Once the above password is stolen you can login to the host with the vpxuser and above password.

  24. Presented at ShmooCon 2010

  25. VASTO – Auxiliary Modules

  26. vSphere Client Communication (Client request → Server reply) • 1. GET /client/clients.xml → AutoUpdate URL • 2. RetrieveServiceInstance → ServiceInstance • 3. RetrieveServiceStatus → Status • 4. GET /client/clients.xml → AutoUpdate URL • Login

  27. VASTO VILurker

  28. VASTO VILurker

  29. VASTO Autopwn

  30. Mitigating These Vulnerabilities

  31. TrendMicro Deep Security • Trend Micro Deep Security provides advanced security for physical, virtual, and cloud servers and virtual desktops. • Modules • Agentless Malware Detection for VMs • Deep Packet Inspection • Intrusion Detection and Prevention • Web Application and Protection • Application Control • Bidirectional Stateful Firewall • Integrity Monitoring • Log Inspection

  32. Deep Security Architecture

  33. In-depth Look – *Author's Picks • Catbird • Catbird TrustZones®: policy-based security envelope for virtual infrastructures and the cloud. Enforces protection and measures compliance across virtual clusters and data centers. • Catbird virtual security appliance performs several functions: • Hypervisor auditing • Virtual network IPS • Network segmentation and access control • Vulnerability management • Multi-tenant security • Reports to management console

  34. Catbird – continuous compliance • Catbird appliances collect data and enforce policies • Appliances report events to management console • Management console analyses events and correlates to compliance framework

  35. VMware Advanced Security • Course Introduction and Methodology • Penetration Testing 101 • Primer and Reaffirming our Knowledge • Security Architecture, vCPU, vMemory • Routing and the vNetwork • vStorage – Architecture and Security Implementations • Hardening the Virtual Machines • Hardening the Host • Hardening Virtual Center • Virtualizing your DMZ • 3rd Party Mitigation Tools • Putting it all Together

  36. vSphere 4.1 Ultimate Bootcamp • Course Intro & Methodology • Virtualization Overview • Planning & Installing ESX/ESXi 4 • Using Tools to Administer a VMware Environment • Configuring Networking • Configuring Storage • vCenter Server 4 and Licensing • VM Creation and Configuration & Snapshots • Security and Permissions • Server and VM Monitoring • Advanced ESX and vCenter Management • Patching and Upgrading ESX/ESXi • Disaster Recovery and Backup • 50 Hours of Training – 6.5 Classes in ONE

  37. Review
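
For the fake certificate injection in slide 19: the host's real certificate is self-signed, so chain validation cannot tell it from a substitute, but a fingerprint recorded over a trusted path can. The Python below is an added example, not part of the original presentation; `PinStore`, the host name and the stand-in certificate bytes are constructed for illustration.

```python
import hashlib
import hmac
import ssl

# Constructed stand-ins for DER certificate bytes (not real certificates).
REAL_CERT = b"constructed: ESX host self-signed certificate"
FAKE_CERT = b"constructed: certificate generated by the interceptor"


def fingerprint(der):
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def fetch_der(host, port=443):
    """Retrieve the certificate a host presents, without chain validation.

    The certificate is only fetched here; whether to trust it is decided
    by comparing its fingerprint with the pinned one.
    """
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


class PinStore:
    """Maps host name -> fingerprint recorded over a trusted path."""

    def __init__(self):
        self._pins = {}

    def enroll(self, host, der):
        self._pins[host] = fingerprint(der)

    def check(self, host, der):
        pinned = self._pins.get(host)
        if pinned is None:
            return "unpinned"      # never enrolled: do not send credentials
        if hmac.compare_digest(pinned, fingerprint(der)):
            return "match"
        return "mismatch"          # certificate changed: possible interception


def audit(store, observations):
    """Return (host, status) for every observation that is not a match."""
    return [(host, status) for host, der in observations
            if (status := store.check(host, der)) != "match"]
```

In use, `enroll` is called once with a certificate read from the host console or another trusted channel, and `check(host, fetch_der(host))` runs before any client login.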