Virtualization security
Generalized deep technical
● https://www.cs.ucr.edu/~heng/pubs/VDF_raid17.pdf
● https://www.ernw.de/download/xenpwn.pdf
● https://www.blackhat.com/docs/eu-16...tual-Device-Fuzzing-Framework-With-AFL-wp.pdf
● https://www.syssec.ruhr-uni-bochum....entlichungen/2020/02/07/Hyper-Cube-NDSS20.pdf
● https://www.troopers.de/downloads/t...ing_hypervisor_through_hardwear_emulation.pdf
Quality reference - system internals & vulndev primitives
● https://www.exploit-db.com/docs/eng...-on-vulnerabilities-of-hypercall-handlers.pdf
● https://census-labs.com/media/straightouttavmware-wp.pdf
● https://www.blackhat.com/docs/eu-17...tudy-Of-Vmware-G2H-Escape-Vulnerabilities.pdf
Frontiers: Hyper-V, ESXi, speculative execution
● https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/index.html
● https://www.usenix.org/system/files/woot19-paper_zhao.pdf
● https://blogs.technet.microsoft.com...anted-to-know-about-sr-iov-in-hyper-v-part-1/
● https://www.blackhat.com/presentati...tation/BH07_Baker_WSV_Hypervisor_Security.pdf (2007!)
● https://github.com/Microsoft/MSRC-Security-Research/blob/master/presentations/2019_02_OffensiveCon/2019_02 - OffensiveCon - Growing Hypervisor 0day with Hyperseed.pdf
● https://blogs.technet.microsoft.com/srd/2019/01/28/fuzzing-para-virtualized-devices-in-hyper-v/
● https://docs.microsoft.com/en-us/archive/blogs/jhoward/hyper-v-generation-2-virtual-machines-part-1
● https://i.blackhat.com/us-18/Thu-Au...per-V-Through-Offensive-Security-Research.pdf
References
● Intel® 64 and IA-32 Architectures Software Developer’s Manual Combined Volumes: 1, 2A, 2B, 2C, 2D, 3A, 3B, 3C, 3D and 4
● TLFS: Microsoft Hypervisor Top Level Functional Specification
● Hyper-V Architecture
● Enhanced Session Mode
● Overview of Remote NDIS
● [MS-RNDIS]
https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/WinArchive/%5bMS-RNDIS%5d.pdf
● SLP: Service Location Protocol specification
Taken from
[GreHack 2024] Attacking hypervisors - A practical case