Claudio Criscione (Principal Consultant, Secure Network S.r.l.)

Presentation Title Virtually Pwned – Pentesting VMWare
Presentation Abstract

Virtualization systems are nowadays ubiquitous in enterprises of any size. Penetration testers and security auditors, however, often overlook virtualization infrastructures, simply looking at the virtual machines without any direct analysis of the underlying solution. A different, new approach is required to assess such systems, defining new targets and new ways to get there.

This talk will outline a pen testing procedure which can be performed to attack virtualization infrastructures: VMware will be used as the demo target, leveraging VASTO (Virtualization ASsessment TOolkit) as the Metasploit powered attack platform of choice. Attendees will learn how to assess and secure their infrastructure, and what are the “hot areas” for security in modern enterprise level virtualization infrastructures.

About Claudio Criscione

Claudio Criscione managed to score his first hack at the age of 10, to download more contents from the local BBS bypassing ratio restrictions.

After that, he hacked his way to graduation at Milano TU (Politecnico di Milano) and started his PhD while working as the principal consultant at Secure Network. He has been involved in web application security and anomaly detection, and then moved into virtualization security to find a new toy. He has presented in various conferences, including BlackHat, CONFidence and Syscan, and he’s an editor at virtualization.info. He also actively mantains VASTO, the Virtualization ASsessment TOolkit.