Cybersecurity researcher mainly interested in infrastructure security and exploitation. I also perform malware analysis and post-incident analysis.
The scale of ransomware campaigns targeting commercial infrastructure, including enterprise-scale ones, and the extent of the damage prove that ransomware threat actors have gained (some) competence in virtual environments based not only on Hyper-V (Microsoft) but also on ESXi (VMware). VMware-based environments were the last line of defence (and hope), as only a few ransomware families could be executed on the hypervisor and corrupt the VMDK files (on VMFS, which is a different file system than NTFS, etc.). The recent ESXiArgs campaign shows that an unpatched environment with a published management interface is a risk.