Hacking Virtual Appliances
Offered By: YouTube
Course Description
Overview
Explore the world of virtual appliance security in this 51-minute conference talk from DerbyCon 2015. Delve into the intricacies of hacking virtual appliances, covering topics such as command injection, filesystem analysis, undocumented accounts, and silent patches. Learn about format string bugs, SUID binaries, and bootloader access vulnerabilities. Gain insights into vendor communication, disclosure timelines, and recommendations for improving security. Discover defensive strategies and contemplate esoteric thoughts on the evolving landscape of virtual appliance vulnerabilities.
Syllabus
Intro
Hacking Virtual Appliances
What I'm Not Talking About
What is a Virtual Appliance?
Important Distinction
Popular Vendors
Pros/Cons for Bug Hunting
Entertainment
Why is security so bad?
Command Injection
Filesystem Analysis 101
Undocumented Accounts
Silent Patches
Format String Bug
Crazy SUID Binaries + Remote
Password Litter
Bootloader Access
Vendor Communication
Brief Disclosure Timelines
Recommendations for Vendors
Playing Defense
Esoteric Thoughts
Things are heating up
Conclusion
The End
Related Courses
Computer Security (Stanford University via Coursera)
Cryptography II (Stanford University via Coursera)
Malicious Software and its Underground Economy: Two Sides to Every Story (University of London International Programmes via Coursera)
Building an Information Risk Management Toolkit (University of Washington via Coursera)
Introduction to Cybersecurity (National Cybersecurity Institute at Excelsior College via Canvas Network)