DEF CON 16 – John Fitzpatrick: Virtually Hacking

DEF CON 16 – John Fitzpatrick: Virtually Hacking
Own the VMware box and you get half the servers on the network for free. Although, depending on the VMware server’s configuration, whether you want to be stealthy about it and whether you want to avoid any disruption it may not always be quite that simple. During this talk we will take a look at ways of jumping from a server to guest OS without causing any disruption and also some tools for assessing the security posture of VMware products.

With VMware becoming an integral part of many networks it is important that the security level of its deployment is assessed appropriately. Without the right tools to do the job this can be a slow and painful task; with the right tools you can have a lot of fun. I’ll demo some tools which I have been working on that harness the power of dradis and make testing and possibly owning VMware servers and VMs a virtually painless task.

John Fitzpatrick is an information security consultant working in the UK for MWR InfoSecurity performing penetration and application tests. His primary interests are in searching for security issues in anything that might make a network a playground and in writing code that does fun things. John is always researching some protocol, software or technology, generally with the goal of breaking it or finding a new interesting attack vector; most recently this research has been targeted towards VMWare. He is also highly experienced in a technique which enables him to code all night and still turn up to work in the mornings.

For copies of the slides and additional materials please see the DEF CON 16 Archive here:

source by DEFCONConference

windows server dhcp vlan


Léa LOPEZ, Telecom System Administrator, Ambala College of Engineering and Applied Research, Ambala (INDIA)

Leave a Reply

Your email address will not be published. Required fields are marked *