7/29/2014
01:00 PM
Black Hat Staff
Event Updates

Black Hat USA 2014: Virtual Reality Check

Virtualization is the future (and often the present) of large-scale IT, but like any technology, it has its share of flaws and shortcomings. Today, as we near the beginning of Black Hat USA 2014, we highlight three Briefings that explore the world of virtualized systems... more specifically, how to break and/or protect them.

Hypervisors are here to stay and promise to shrink the attack surfaces of exposed systems. But Rafal Wojtczuk has been breaking them for eight years, and, oh, does he have some tales to tell. Poacher Turned Gamekeeper: Lessons Learned from Eight Years of Breaking Hypervisors will begin with a trip down memory lane, revisiting major hypervisor breakouts and throwing in a few new exploits, too. Later, he'll examine hypervisor security; does it really live up to the promises? Not at all. In fact, he'll reveal why he believes most hypervisors aren't built with security in mind, as well as his suggestions to harden them.

OpenStack allows you to manage a cloud of VMs, and it has grown into a widely adopted platform. The issue with having a centralized IaaS is that, if you compromise the management cluster, you can attack everything it controls, which is a lot at Yahoo scale. How do you keep your OpenStack cluster safe? What do you do when a management system, hypervisor, or VM is compromised? OpenStack Cloud at Yahoo! Scale: How to Avoid Disaster will discuss how to harden your cluster and make large breaches less likely. And if a breach does occur, you'll find out how to contain it. Bonus: Examples will be drawn from Yahoo's massive deployments of OpenStack clusters.

Finally, it's an arms race between malware authors and forensics experts, and dynamic analysis (sandboxing) is one of the good guys' best weapons. But malware authors are evading it in ever-increasing ways. What to do? Full System Emulation: Achieving Successful Automated Dynamic Analysis of Evasive Malware will be a 101, a 201, and possibly a 301 on leveraging full-system emulation, showing you the pros and cons of this methodology, as well as intel on the latest malware evasion techniques observed in the wild.

Regular registration ended July 26, which was a couple of days ago. What are you doing over there? Do you always procrastinate so much? Better visit Black Hat USA 2014's registration page to see what your options are.
