A Practical Attack Against VDI Solutions

Explore a Black Hat conference talk that exposes vulnerabilities in Virtual Desktop Infrastructure (VDI) solutions. Delve into a practical attack demonstration where researchers Daniel Brodie and Michael Shaulov reveal how malicious apps can exploit screen scraping techniques to compromise data security in VDI platforms. Learn about the architecture of VDI systems, their perceived security benefits, and how attackers can circumvent both client-side and server-side malware detection measures. Gain insights into mobile remote access trojans, government-grade malware, and surveillance tools used in these attacks. Witness a proof-of-concept demonstration and understand the implications for BYOD security strategies. Examine key findings, architectural vulnerabilities, and potential threats across Android and iOS devices.

Introduction
About MDM
Agenda
Disclaimer
Recap
Enablement
Device Loss DLP
VDI Marketing
VDI Architecture
Niche Players
Threats
Mobile Remote Access Trojan
HighLevel Example
Government Grade Malware
Surveillance Tools
Hacking Team
Research
MSpy
How Much
The Architecture
Key Findings
The Report
The Real Threat
Android
MacKinnon
Screen Recording
Communication
iOS Configuration Profiles
Demo
Summary