Hacking Virtual Machines

1 reply [Last post]
cisc0ninja
cisc0ninja's picture
Offline
SX Crew
Joined: 2008/03/17

I've previously read some information on this but wanted to ask what other peoples experiences have been?
I know that a lot depends on the environment and what software was used for the virtualization, but just curious if any new exploits or ways of attack have been brought up. It's my understanding that if you gain control over the hypervisor for redhat's zen virtual environment, you are essentially able to have root on all of the virtual machines on that server. One of the articles I had previously read, stated someone attacked a virtual environment during the time when it was transferring data or doing some type of backup (<----probably incorrect terminology here).

It's because the threat of potentially loosing all servers during an attack vice just one that gets rooted; we have normally stated virtualization is a bad idea in terms of security.
But regardless of what we say "corporate" is going to say "look at all the money we can save on server cost and power bills!!!"
So since it's already happening I figured now would be a good time for us talk about just how easy it is to attack, and some methods whether they be potential or actual.

I'm interested to hear what everyone has to say about this.

-cisc0ninja

"He who knows his own weakness, knows more of himself than he who has none."