Compromise-as-a-Service

Similar documents
Hypervisor security. Evgeny Yakovlev, DEFCON NN, 2017

W11 Hyper-V security. Jesper Krogh.

The Challenges of X86 Hardware Virtualization. GCC- Virtualization: Rajeev Wankar 36

Virtualization and Security

VMDK Has Left the Building

Virtual Machines. Part 2: starting 19 years ago. Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.

When the Lights go out. Hacking Cisco EnergyWise. Version: 1.0. Date: 7/1/14. Classification: Ayhan Koca, Matthias Luft

IPv6 in Virtualized Data Centers

Windows Server Discussion with BCIU. Kevin Sullivan Management TSP US Education

Advanced Operating Systems (CS 202) Virtualization

Virtualization. ...or how adding another layer of abstraction is changing the world. CIS 399: Unix Skills University of Pennsylvania.

Virtualization Device Emulator Testing Technology. Speaker: Qinghao Tang Title 360 Marvel Team Leader

Virtualization. Pradipta De

Making Nested Virtualization Real by Using Hardware Virtualization Features

Spring 2017 :: CSE 506. Introduction to. Virtual Machines. Nima Honarmand

Virtually Impossible

Chapter 5 C. Virtual machines

CprE Virtualization. Dr. Yong Guan. Department of Electrical and Computer Engineering & Information Assurance Center Iowa State University

CrashOS: Hypervisor testing tool

Module 1: Virtualization. Types of Interfaces

Privilege Escalation

Cross-architecture Virtualisation

CS-580K/480K Advanced Topics in Cloud Computing. VM Virtualization II

VMDK Has Left the Building

Nested Virtualization Update From Intel. Xiantao Zhang, Eddie Dong Intel Corporation

Virtualization and Virtual Machines. CS522 Principles of Computer Systems Dr. Edouard Bugnion

Cloud Networking (VITMMA02) Server Virtualization Data Center Gear

Virtualization. Starting Point: A Physical Machine. What is a Virtual Machine? Virtualization Properties. Types of Virtualization

Secure Containers with EPT Isolation

Virtualization. ! Physical Hardware Processors, memory, chipset, I/O devices, etc. Resources often grossly underutilized

CSE543 - Computer and Network Security Module: Virtualization

Virtualization. Michael Tsai 2018/4/16

Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor?

Attacking Next- Generation Firewalls

Lecture 5: February 3

OS Virtualization. Why Virtualize? Introduction. Virtualization Basics 12/10/2012. Motivation. Types of Virtualization.

It was a dark and stormy night. Seriously. There was a rain storm in Wisconsin, and the line noise dialing into the Unix machines was bad enough to

Last time. Security Policies and Models. Trusted Operating System Design. Bell La-Padula and Biba Security Models Information Flow Control

CHAPTER 16 - VIRTUAL MACHINES

Introduction to Cloud Computing and Virtualization. Mayank Mishra Sujesha Sudevalayam PhD Students CSE, IIT Bombay

COMP6511A: Large-Scale Distributed Systems. Windows Azure. Lin Gu. Hong Kong University of Science and Technology Spring, 2014

Virtualization. Operating Systems, 2016, Meni Adler, Danny Hendler & Amnon Meisels

Micro VMMs and Nested Virtualization

Virtualization Security & Audit. John Tannahill, CA, CISM, CGEIT, CRISC

CSCE Introduction to Computer Systems Spring 2019

The only open-source type-1 hypervisor

General Pr0ken File System

What is KVM? KVM patch. Modern hypervisors must do many things that are already done by OSs Scheduler, Memory management, I/O stacks

COMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy

Dr. K. Y. Srinivasan. Jason Goldschmidt. Technical Lead NetApp Principal Architect Microsoft Corp.

Cloud Computing Virtualization

Nested Virtualization and Server Consolidation

CSE543 - Computer and Network Security Module: Virtualization

CSE543 - Computer and Network Security Module: Virtualization

Operating System Security

Background. IBM sold expensive mainframes to large organizations. Monitor sits between one or more OSes and HW

CS370: Operating Systems [Spring 2017] Dept. Of Computer Science, Colorado State University

Attacking & Protecting Big Data Environments

[537] Virtual Machines. Tyler Harter

EE 660: Computer Architecture Cloud Architecture: Virtualization

CSC 5930/9010 Cloud S & P: Virtualization

Meltdown and Spectre - understanding and mitigating the threats

SentinelOne Technical Brief

24-vm.txt Mon Nov 21 22:13: Notes on Virtual Machines , Fall 2011 Carnegie Mellon University Randal E. Bryant.

MASSACHUSETTS INSTITUTE OF TECHNOLOGY Computer Systems Engineering: Spring Quiz I Solutions

Virtual Machine Security

ADVANCED OPERATING SYSTEMS USB in a microkernel based operating system

Intel Virtualization Technology Roadmap and VT-d Support in Xen

Good Fences Make Good Neighbors: Rethinking Your Cloud Selection Strategy

Intel Graphics Virtualization on KVM. Aug KVM Forum 2011 Rev. 3

Distributed Systems COMP 212. Lecture 18 Othon Michail

Virtualization Overview NSRC

CIT 480: Securing Computer Systems. Operating System Concepts

Introduction to SGX (Software Guard Extensions) and SGX Virtualization. Kai Huang, Jun Nakajima (Speaker) July 12, 2017

HYPERVISORS IN YOUR TOOLBOX SATOSHI TANDA & TIMO KREUZER,

Evasion of High-End IDPS Devices in the Age of IPv6

Knut Omang Ifi/Oracle 6 Nov, 2017

What is Cloud Computing? Cloud computing is the dynamic delivery of IT resources and capabilities as a Service over the Internet.

CS370 Operating Systems

Configure dynamic memory. Configure smart paging. Configure Resource Metering. Configure guest integration services. Configure remotefx

Programmed I/O accesses: a threat to Virtual Machine Monitors?

AMD SEV Update Linux Security Summit David Kaplan, Security Architect

LINUX Virtualization. Running other code under LINUX

Cloud and Datacenter Networking

DOUG GOLDSTEIN STAR LAB XEN SUMMIT AUG 2016 ATTACK SURFACE REDUCTION

Acronis Backup Advanced 11.7 Update 1

Computer Architecture Background

COLORADO, USA; 2 Usov Aleksey Yevgenyevich - Technical Architect, RUSSIAN GOVT INSURANCE, MOSCOW; 3 Kropachev Artemii Vasilyevich Manager,

OS Structure. Kevin Webb Swarthmore College January 25, Relevant xkcd:

Back To The Future: A Radical Insecure Design of KVM on ARM

I/O virtualization. Jiang, Yunhong Yang, Xiaowei Software and Service Group 2009 虚拟化技术全国高校师资研讨班

Oracle Real Application Clusters One Node

CS 571 Operating Systems. Final Review. Angelos Stavrou, George Mason University

Virtualization, Xen and Denali

Securing your Virtualized Datacenter. Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008

Introduction Construction State of the Art. Virtualization. Bernhard Kauer OS Group TU Dresden Dresden,

Virtualization. Dr. Yingwu Zhu

Virtual Machines. Jinkyu Jeong Computer Systems Laboratory Sungkyunkwan University

LINUX KVM FRANCISCO JAVIER VARGAS GARCIA-DONAS CLOUD COMPUTING 2017

1.1 For Fun and Profit. 1.2 Common Techniques. My Preferred Techniques

Transcription:

ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg 5/29/14 Compromise-as-a-Service Our PleAZURE Felix Wilhelm, Matthias Luft & Enno Rey {fwilhelm, mluft, erey}@ernw.de

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #2 Agenda Introduction & Methodology Architecture & Attack Surface MS13-092

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #3 Prelude No complete security evaluation of Hyper-V - Still work in progress. - We will provide a detailed overview of the attack surface. Will talk about stuff that did not work (lots) and stuff that did work (some). Goal is to motivate and help other researchers.

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #4 Background root OS Fabric Agent Guest VM Host Agent Virtual Hard Drive Azure Hypervisor [...] Hardware CPU (cores), RAM, local hard drive,... Guest VM Host Agent Virtual Hard Drive Compute Node Original research was part of German government research project. - Overall security posture of the Azure Cloud - Network Security - VM Isolation - Management Interfaces -.

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #5 Fabric Utility Fabric Controller [ ] Datacenter Routers

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #6 Cluster Fabric Controller Rack 1 Rack x Aggregation Router & Load Balancer Rack 20

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #7 Rack Node 1 Node x Node 50

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #8 Compute Node Compute Node root OS Fabric Agent Guest VM Host Agent Virtual Hard Drive [...] Guest VM Host Agent Virtual Hard Drive Azure Hypervisor Hardware CPU (cores), RAM, local hard drive,...

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #9 the Cloud?

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #10 Why Hyper-V? Supposedly, very little research so far: - Four DoS vulnerabilities at all. - Almost no published 3 rd party research. Used in a variety of corporate environments. - Including Azure! - Heavily marketed by Microsoft

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #11 Azure Hypervisor A.k.a. Hyper-V?

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #12 Versions Azure Hypervisor Hyper-V

Methodology Or: We re searching for runtime breakouts, right?

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #14 HV Security Objectives Main and crucial objective: Isolation! - On all layers (network, runtime, storage, )! Potential attacks violating this objective: - Breakout attacks (of course ;-) ) - Side channels & timing attacks - Traditional attacks: Account compromises, misconfiguration,

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #15 Parts of an Hypervisor Device virtualization Memory management & isolation CPU virtualization APIs

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #16 Vulnerability History Hypervisor Breakout 2007: VMftp 2009: VMware Cloudburst 2011: Virtunoid KVM Breakout 2012: VMSA-12-009 2012: VMDK Has Left The Building 2012: Xen SYSRET 2013: MS13-092 2014: VirtualBox HGCM 2014: VirtualBox Chromium Breakout

Virtual Air Gap Hyper- V VMware isn't an additional security layer: It's just another layer to find bugs in Kostya Kortchinsky/Immunity/Cloudburst, 2009 5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #17

Hyper-V Seriously, there is just no Hyper-V Logo available.

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #19 Hyper-V Type 1 hypervisor - Bare metal VMs are called partitions - Root Partition performs management duties. - Creation, Configuration, Destruction - Logging Support for unenlightened + enlightened systems - Enlightened = Explicit support for Hyper-V. Requires guest modification. Uses Intel VT instruction set for hardware based virtualization

Source: h5p://msdn.microso@.com/de- de/library/cc768520(en- us).aspx 5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #20!

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #21 Hyper-V vs. VMware ESXi Hyper- V ESXi Architecture Micro Kernel Monolithic Most intereslng a5ack surface PlaRorm to exploit Parent ParLLon Windows Hypervisor Proprietary Unix- like environment with a lot of custom libraries and characterislcs The micro kernel improves the security posture of the hypervisor, but moves attention to the parent partition which simplifies post-exploitation!

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #22 Hyper-V Information Sources Hypervisor Top Level Functional Specification - Detailed documentation of Hypercall API Linux Integration Services - Open Source Hypercall / VMBus / VSC implementation Patent Applications - See picture Singularity Header Files - https://singularity.svn.codeplex.com/svn/base/windows/inc/ Common Criteria Certification Documents - http://www.commoncriteriaportal.org/files/epfiles/ 0570b_pdf.pdf Binaries -

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #23 Reverse Engineering - Hypervisor Hypervisor itself is implemented in Hvix64.exe (Intel) and Hvax64.exe (AMD) Unfortunately no public debugging symbols available L However some symbols can be ported from winload.exe and hvloader.exe - Networking Code, USB Stack, Debugger implementation - Full credit to Gerhart from securitylab.ru for this idea!

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #24 Reverse Engineering VMX No documented system libraries Almost no strings Intel VMX instructions and VMCS are biggest help - Semi-automated approach: Locate vmx instructions and access to VMCS properties - Translate VMCS property values into corresponding name - Implemented using IDAPython script

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #25 Reverse Engineering - Debugging Debugging via WinDBG is supported - Serial Port, Firewire, Ethernet Fortunately no dedicated hardware is needed - VMware supports nested virtualization Hyper-V specific functionality requires hvexts.dll - Not publicly available - Have a copy? Drop us a mail J

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #26 Reverse Engineering - VSP Virtualization Service Provider - Implemented in Kernel (Storage, Networking) or Userspace(Framebuffer, HID) Public debugging Symbols are sometimes available - vmswitch.sys J - storvsp.sys L - vmwp.exe L (Many debugging strings)

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #27 Attack Surface

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #28 Attack Surface Based on the taxonomy presented earlier: - CPU: VM Exits - Device Virtualization: VMBus, Emulated Devices, RemoteFX - APIs: VMBus, Hypercalls

Emulated Devices

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #30 Emulated Devices Emulation of standard devices to allow unenlightened guest partitions Includes - Network adapter - S3 Trio graphic card - Keyboard / Mouse - IDE Controller Implemented in vmwp.exe

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #31 Emulated Devices We performed basic fuzzing (think IOFUZZ) - Permanent reboots - Worker process eats 100% CPU and requires hard kill - no interesting results besides that. Basic static analysis - No symbols, but debug strings. - Lots of sanity checks.

VMBus

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #33 VMBus Message bus for communication between partitions Default configuration: - Only communication to and from root partition allowed Memory pages that are mapped for multiple partitions - Heavily used for performance critical tasks in enlightened partitions Large attack surface

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #34 VMBus Components

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #35 VMBus Architecture Initialization: - PostMessage HyperCall - Is used to create VMBus between Partitions - Negotiates/sets up shared memory sections Communication: - One or more channels are used to isolate communication between different functionality - Think of IP transport and TCP connections - Each channel has two ring buffers, one for inbound and one for outbound communication - Large transfers are performed via GPADLs

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #36 VMBus-based Services Term Description Driver Networking Storage Utilities Framebuffer VM traffic is sent via VMBus to the Hyper-V Virtual Switch running in the parent partition. Child partitions send (mainly) SCSI commands encapsulated in so-called vstor packets. Different minor functionality such as heartbeats, time synchronization, or shutdown is available via SyncIC messages Virtual child console in parent Hyper-V Manager tool Child: hv_netvsc.ko Parent: vmswitch.sys Child: hv_storvsc.ko Parent: storvsp.sys, vhdump.sys Child: hv_util.ko Parent: vmwp.exe Child: hyperv_fb Parent: vmwp.exe

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #37 Analysis Network and Storage: Interesting attack surface - Parent endpoints in kernel space - In contrast to VMWP.exe running under non-admin user Potential vulnerabilities: - Protocol/logical flaws - Memory corruption in parent partition drivers/processes

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #38 Storage Parent Partition Child Partition vhdump.sys storvsp.sys storvsc.ko SCSI driver vstor scsi vstor scsi VMBus VMBus VMBus vstor scsi

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #39 vstor_dmp #./vstor_dmp 0x000000: 03 00 00 00 01 00 00 00... 0x000008: 00 00 00 00 34 00 00 00...4 0x000010: 02 00 00 00 0a 14 00 00... 0x000018: 00 20 00 00 2a 00 07 c5...* 0x000020: ee 70 00 00 10 00 00 00.p... 0x000028: 00 00 00 00 00 00... Operation: 03 00 00 00(VSTOR_OPERATION_EXECUTE_SRB) Flags: 01 00 00 00 Server Status: 00 00 00 00

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #40 vstor_packet 0 32 OperaLon ENUM (e.g. RESET_LUN) Flags (currently one, RequestCompleLon) Server Status Payload, up to 52 Bytes e.g. SRB, Channel ProperLes, or WWN Packet

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #41 VMBus Packet 0 32 Type Length TransacLon ID Reserved Rangecount Page Buffer Range (array of PFNs, mullples of 16 bytes) Payload e.g. vstor_packet DataOffset Flags

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #42 Analysis Performed so far: - Dumb fuzzing - à Guest VM crashes due to VSC failures - Manual protocol analysis - No results, but difficult to do due to high amount of VMBus packets - à Debugging is PITA - Basic static analysis - No interesting results - Checked for banned functions (strcpy, sprintf, you name it) - Not too surprising, SDL works here

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #43 Basic Fuzzing Implemented using kprobes - https://www.kernel.org/doc/ Documentation/kprobes.txt Allows to hook (almost) arbitrary kernel functions and tamper with existing data. Approach: - Hook packet_send functions and tamper with packet arguments.

Hypercalls

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #45 Hypercall Interface Like system calls but for communication between VM kernel and hypervisor Documented interface - And known security boundary - RCX = Call Number - RDX = Input GPA - R8 = Output GPA Used by enlightened partitions to improve performance Root partition manages other partition using hypercalls

Hypercall Interface Auditing hypercalls requires finding the handler functions First Step: - Finding main VM Exit handler which is stored inside VMCS field 5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #46

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #47 Hypercall Interface VM Exit handler looks similar in all VMM implementations: - Store Guest State - Perform action depending on VMCS Exit Reason - Restore Guest State Hypercalls are executed using vmcall instruction.

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #48 Hypercall Interface RCX register stores hypercall number Is used as index into handler table Handler Table allows quick identification of all handler functions

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #49 Hypercall Interface Hypercall handler are quite simple RCX = Input / RDX = Output - Copied from original input pages Early permission checks guard most complicated handler functions Performed fuzz testing but no interesting results.

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #50 However Sanity checks are executed before calling the actual hypercall handler: - Hypercall comes from Ring 0? - Input and Output GPA are aligned? - Input and Output GPA look sane?

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #51 The Bug Guest GPAs >= 0x1000000000 and < 0x1000000000000 set special error condition Error function tries to map GPA to system PTE - r8 points to table - rax = input_gpa >> 12; Classic out-of-bound access because GPA can be almost unlimited large. The trigger? - hypercall(0xxy, input_address = 0x4141414141414141...) J

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #52 Fixed with MS13-092 Denial of Service of complete hypervisor Potentially privilege escalation to other virtual machines Azure affected!

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #53 Some thoughts on exploitation DoS trivially possible by accessing invalid memory. Privilege Escalation possible?

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #54 Some thoughts on exploitation Patch adds additional range check in front and force-returns 0 - Code flow called after vuln function returns 0 is uninteresting Can t read attacker controlled value - Upper limit + 64bit address space However, offset to next virtual machine PTE table is constant - Possible to access PTEs of other VMs

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #55 Some thoughts on exploitation Limited to a special PFN number - Could not clearly identify its use case + not used by VMs in our lab :/ Code flow after successful checks is interesting - But can only be minimally influenced by attacker - Two values used: PTE and INPUT_GPA (both are more or less fixed) Classic Memory corruption not possible - But triggering a PTE map from/to a different partition would be game over as well.

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #56 Some thoughts on exploitation Patch is noisy - Pretty sure that we did not miss any additional security relevant modifications Might have missed something completely obvious..

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #57 Demo

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #58 Future Work Improve fuzzing - Think of analysis approach that allows high coverage and automation without constantly crashing the guest. Look at new stuff - RemoteFX - Gen2 VMs - Xbox One Go deeper - VM exit handling

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #59 Conclusions Hypervisor security & research is not hard. - Just software and big attack surface. Hypervisor security & research is hard. -.. but you learn a lot! Hyper-V is solid software -.. but still has critical security bugs. Hypervisors are getting faster/more features but not more secure. -.. still not enough public research! Make the theoretical practical.

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #60 There s never enough time THANK YOU @_fel1x @uchi_mata @Enno_Insinuator...for yours! Code & Slides: https://www.insinuator.net (..soon) fwilhelm@ernw.de mluft@ernw.de erey@ernw.de

5/29/14 ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg #61 Sources & Mentions Gal Diskin, Virtually Impossible Gerhart, http://www.securitylab.ru/contest/444112.php Hypervisor Functional Specification, Microsoft

Disclaimer All products, company names, brand names, trademarks and logos are the property of their respective owners!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback