No Fluff Stories Part 1: Your Hypervisor is (un)Safe and (in)Secure.
2023-09-09, 16:00–17:00 (Europe/Berlin), Tesla

The scale of ransomware campaigns targeting commercial infrastructure, including enterprise-scale environments, and the extent of the damage prove that ransomware threat actors have gained (some) competence in virtual environments based not only on Hyper-V (Microsoft) but also on ESXi (VMware). VMware-based environments were the last line of defence (and hope), as there were only a few ransomware families that could be executed on the hypervisor and corrupt the VMDK files (on VMFS, which is a different file system from NTFS, etc.). The recent ESXiArgs campaign shows that an unpatched environment with a management interface published to the internet is a risk.

We will talk about:
- attack vectors on the hypervisor from both outside and inside,
- real incidents we handled,
- damage after ransomware and third-party remediation that we repaired.

There will be a live demo on our own infrastructure that travels with us.

Just an engineer who specializes in incident handling and increases the cyber resilience of IT systems. I have handled and advised on ransomware incidents around the world, and contributed to state-level cybersecurity standards and guidelines.

The most direct person you will meet in your life. Not a cybercelebrity.

Cybersecurity researcher mainly interested in infrastructure security and exploitation. I also perform malware analysis and post-incident analysis.