Hacking Virtual Appliances
Offered By: YouTube
Course Description
Overview
Explore the world of virtual appliance security in this 51-minute conference talk from DerbyCon 2015. Delve into the intricacies of hacking virtual appliances, covering topics such as command injection, filesystem analysis, undocumented accounts, and silent patches. Learn about format string bugs, SUID binaries, and bootloader access vulnerabilities. Gain insights into vendor communication, disclosure timelines, and recommendations for improving security. Discover defensive strategies and contemplate esoteric thoughts on the evolving landscape of virtual appliance vulnerabilities.
Syllabus
Intro
Hacking Virtual Appliances
What I'm Not Talking About
What is a Virtual Appliance?
Important Distinction
Popular Vendors
Pros/Cons for Bug Hunting
Entertainment
Why is security so bad?
Command Injection
Filesystem Analysis 101
Undocumented Accounts
Silent Patches
Format String Bug
Crazy SUID Binaries + Remote
Password Litter
Bootloader Access
Vendor Communication
Brief Disclosure Timelines
Recommendations for Vendors
Playing Defense
Esoteric Thoughts
Things are heating up
Conclusion
The End