Archive for the 'Virtualization' Category


DEF CON 24 DEMO: Switch Spoofing Attack Against a Cisco 2950 Switch from the VMware ESXi 6.0 Hypervisor Environment

This post includes a demo video which illustrates the effects of a Switch Spoofing attack launched from within a virtualized networking environment. The experiment was performed on seven different hypervisor/virtual network configurations in order to systematically evaluate the effects across all of the major enterprise-level virtualization platforms. The following network diagram illustrates the configuration used for each of the experiments:

[Network diagram: switch_spoofing_virtual]


DEF CON 24 DEMO: ARP Poisoning Attacks in Virtual Networks

This post includes demo videos which illustrate the effects of an ARP poisoning Man-in-the-Middle attack within a virtualized networking environment. The experiment was performed on seven different hypervisor/virtual network configurations in order to systematically evaluate the effects across all of the major enterprise-level virtualization platforms. The following network diagram illustrates the configuration used for each of the experiments:

[Network diagram: arp_poison]


DefCon 23 Presentation: Exploring Layer 2 Network Security in Virtualized Environments

DefCon 23 Video Demo: Rogue DHCP/DNS server gaining root access to target

DefCon 23 Video Demo: Rogue DHCP/DNS server ShellShock exploit proof of concept

DefCon 23 Video Demo: Rogue DHCP/DNS server on Citrix XenServer 6.2 with Open vSwitch 1.4.6

DefCon 23 Video Demo: MAC Flooding on Citrix XenServer 6.2 with Open vSwitch 1.4.6

DefCon 23 Video Demo: MAC Flooding on Gentoo/Xen with Open vSwitch 2.0.0

DefCon 23 Video Demo: MAC Flooding on Gentoo/Xen with 802.1d Bridging

Exploring Layer 2 Network Security In Virtualized Environments – DerbyCon 4.0

I gave a talk this past weekend on part of my Ph.D. dissertation research at the DerbyCon 4.0 “Family Rootz” Computer Security conference in Louisville, KY. Take a look at the following video to view the talk in its entirety. The rest of the conference videos are available here.