Friday, April 27

A great piece on VM Security

Should you care, take a look at this PDF on virtual machine detection and security by Tom Liston and Ed Skoudis. This presentation has been around for a while; however, it is worth the read.

One area of interest is VMware's communication channel, which is used for:
  • shared clipboard
  • file sharing
  • time sync
The interesting thing, per this document, is that VMware uses a hard-coded value to authenticate to the command channel. It is always the same value.

Another interesting item is a deeper look at the guest's .vmx file. Just as one would add or remove items on a new server, the same holds true for a guest VM. In this case you would augment the settings within the .vmx file to limit the ability to fingerprint a VM (page 23).

Read the PDF here.
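As an added example (not from the post or the PDF), here is a small audit of a guest's .vmx file for the three channel features listed above. The key names are an assumption drawn from VMware's hardening guidance rather than from page 23 of the presentation, and the sample .vmx content is constructed.

```python
import re

# Keys for the guest/host channel features the post lists. The key names come
# from VMware hardening guidance, not from the post or the PDF (assumption).
HARDENED = {
    "isolation.tools.copy.disable": "TRUE",    # shared clipboard, guest to host
    "isolation.tools.paste.disable": "TRUE",   # shared clipboard, host to guest
    "isolation.tools.hgfs.disable": "TRUE",    # file sharing (HGFS)
    "tools.syncTime": "FALSE",                 # time sync
}

# A .vmx line has the form: key = "value". Lines starting with '#' are comments.
LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Parse key = "value" lines; keys are lowercased, the last entry wins."""
    settings = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def audit_vmx(text):
    """Return {key: finding} for every channel setting that is not hardened."""
    settings = parse_vmx(text)
    findings = {}
    for key, want in HARDENED.items():
        have = settings.get(key.lower())
        if have is None:
            findings[key] = "missing (default applies)"
        elif have.upper() != want:
            findings[key] = f'set to "{have}", expected "{want}"'
    return findings

# Constructed sample .vmx content, not taken from a real guest.
SAMPLE_VMX = '''\
.encoding = "UTF-8"
displayName = "analysis-guest"
# clipboard copy is locked down, paste was forgotten
isolation.tools.copy.disable = "TRUE"
isolation.tools.hgfs.disable = "false"
tools.syncTime = "TRUE"
'''

if __name__ == "__main__":
    for key, finding in audit_vmx(SAMPLE_VMX).items():
        print(f"{key}: {finding}")
```
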

2 comments:

t@m said...

I just downloaded the PDF and it's really well explained in a very decent way.

jia said...

Hi, very useful information (from your PDF)