Virtualization systems are nowadays ubiquitus in enterprises of any size. Penetration testers and security auditors, however, often overlook virtualization infrastructures, simply looking at the virtual machines without any direct analysis of the underlying solution, not to mention those analyses simply marking virtual environments as "not-compliant". A different, new approach is required to assess such systems, defining new targets and new ways to get there. This talk will outline procedures and approaches, complete with tools and demos, to execute a penetration test or a design review on virtualization enviroments. Security experts eager to know more about these systems and sysops willing to protect their own fortress will find this talk interesting
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.