ANYCon Invited Talk
I have been invited to give a talk on my research at the upcoming ANYcon InfoSec and Hacking conference which will be held in Albany, NY from June 16th – 18th. This is a new conference bursting into the InfoSec scene, and is shaping up to be similar in size and spirit to other family oriented mainstream InfoSec conferences like DerbyCon and BSides. The talk abstracts are starting to pop up on the Agenda page, and my talk is listed in the Offensive Track.
HackCon#12 Invited Talk Trailer
The kind folks that organize the HackCon#12 conference made a “trailer” for my upcoming talk in Oslo, Norway.
Upcoming Invited Talk: HackCon#12 – Oslo, Norway
DEF CON 24 Presentation: VLAN Hopping, ARP Poisoning, & Man-in-the-Middle Attacks in Virtualized Environments
DEF CON 24 Talk Resources – VLAN Hopping, ARP Poisoning and Man-in-the-Middle Attacks in Virtualized Environments
We are aware that our presentation slides and white paper somehow went missing from the DEF CON 24 CD. They have been submitted for inclusion on the Media Server, but until then you can find the talk information, white paper, and slides at the following links:
Also note that all of the demo videos are below. Scroll down for detailed explanations of each test scenario, and links to all of the fully narrated YouTube videos.
Enjoy, and if you have any questions, or are looking for someone to assist in evaluating your environment against these attacks feel free to use the contact form to reach me.
The materials are now available on the DEFCON media server:
DEF CON 24 DEMO: Double Tagging VLAN Hopping Attack Between Two Virtual Networks With a Cisco 2950 Switch in the Middle
This post demonstrates the effects of using a double tagging vlan hopping attack to send an ICMP packet from a virtual machine located in one hypervisor environment to another virtual machine located in a separate hypervisor environment connected to the same physical switch. In this scenario the attacker is using a virtual Kali 2.0 system located within the Citrix XenServer hypervisor environment and targeting a virtual machine located on a separate VLAN within the ProxMox hypervisor environment.
This experiment was performed on seven different hypervisor/virtual network configurations in order to perform a systematic evaluation of the effects across all of the major enterprise level virtualization platforms. The following network diagram illustrates the configuration used for each of the experiments:
The following video walks through the attack process and results.