Advanced x86: Virtualization with Intel VT-x
Creator: David Weinstein @insitusec
License: Creative Commons: Attribution, Share-Alike
(http://creativecommons.org/licenses/by-sa/3.0/)
Class Prerequisites: Intermediate x86
Lab Requirements: Requires a Windows system with Visual C++ Express Edition, a Windows DDK or WDK kernel compilation environment, and WinDbg. Requires a Windows guest OS running in VMWare Player or VMWare Server in order to do kernel debugging with WinDbg from the host OS.
Class Textbook: None
Recommended Class Duration: 2-3 days
Creator Available to Teach In-Person Classes: Yes
Author Comments:
The purpose of this course is to provide a hands-on introduction to Intel hardware support for virtualization. The first half will motivate the challenges of virtualization in the absence of dedicated hardware. This is followed by a deep dive on the Intel virtualization "API" and labs to begin implementing a blue pill / hyperjacking attack made famous by researchers like Joanna Rutkowska and Dino Dai Zovi et al. Finally, a discussion of virtualization detection methods.
Hopefully after this course the student will be able to identify, understand, and implement various hypervisor concepts. As virtualization is a powerful tool, it is very important to understand its strengths and weaknesses. The author believes that hands-on experience with virtualization is practical and accessible, particularly when presented alongside other Open Security Training materials.
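As an added illustration of the detection-methods topic (this is the editor's example, not course code, not Virtdbg, and not a lab solution): the cheapest first-pass check a guest can make is to look at what CPUID reports. CPUID.(EAX=1):ECX bit 5 advertises VMX support, bit 31 is reserved by Intel as always 0 on bare metal and is set by convention by hypervisors, and leaf 0x40000000 carries a conventional 12-byte vendor signature in EBX/ECX/EDX. The decoders below take raw register values so they can be exercised with constructed inputs on any host; only cpuid_raw() issues the real instruction, and it is compiled on x86 only. The vendor strings quoted in the comments are the well-known conventional values; the register values in the test are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not part of the course materials or Virtdbg.
 * CPUID-based checks used as a first pass for "am I under a hypervisor?"
 * The decoders take raw register values so they can be tested with
 * constructed input; cpuid_raw() executes the instruction on x86 only. */

/* CPUID.(EAX=1):ECX bit 5 is the VMX feature flag: this CPU can host a VT-x hypervisor. */
int vmx_supported(uint32_t leaf1_ecx) {
    return (leaf1_ecx >> 5) & 1u;
}

/* CPUID.(EAX=1):ECX bit 31 is documented by Intel as always 0 on bare metal;
 * by convention hypervisors (VMware, KVM, Hyper-V, Xen HVM, ...) set it. */
int hypervisor_present(uint32_t leaf1_ecx) {
    return (leaf1_ecx >> 31) & 1u;
}

/* Leaf 0x40000000 is the conventional hypervisor information leaf:
 * EBX, ECX, EDX carry a 12-byte vendor signature packed little-endian,
 * e.g. "VMwareVMware", "KVMKVMKVM\0\0\0", "Microsoft Hv". */
static void put_le32(uint32_t v, char *dst) {
    for (int i = 0; i < 4; i++) dst[i] = (char)((v >> (8 * i)) & 0xffu);
}

void hypervisor_vendor(uint32_t ebx, uint32_t ecx, uint32_t edx, char out[13]) {
    put_le32(ebx, out);
    put_le32(ecx, out + 4);
    put_le32(edx, out + 8);
    out[12] = '\0';
}

/* Convenience: does the decoded leaf 0x40000000 signature equal `expected`? */
int vendor_matches(uint32_t ebx, uint32_t ecx, uint32_t edx, const char *expected) {
    char sig[13];
    hypervisor_vendor(ebx, ecx, edx, sig);
    return strcmp(sig, expected) == 0;
}

#if defined(__x86_64__) || defined(__i386__)
/* Issue CPUID for `leaf` (subleaf 0) and return EAX, EBX, ECX, EDX in r[0..3]. */
static void cpuid_raw(uint32_t leaf, uint32_t r[4]) {
    __asm__ volatile("cpuid"
                     : "=a"(r[0]), "=b"(r[1]), "=c"(r[2]), "=d"(r[3])
                     : "a"(leaf), "c"(0));
}
#endif

int main(void) {
#if defined(__x86_64__) || defined(__i386__)
    uint32_t r[4];
    cpuid_raw(1, r);
    printf("VMX supported:      %s\n", vmx_supported(r[2]) ? "yes" : "no");
    printf("hypervisor bit set: %s\n", hypervisor_present(r[2]) ? "yes" : "no");
    if (hypervisor_present(r[2])) {
        char sig[13];
        cpuid_raw(0x40000000u, r);
        hypervisor_vendor(r[1], r[2], r[3], sig);
        printf("hypervisor vendor:  \"%s\"\n", sig);
    }
#else
    puts("not an x86 host; only the decoders can be exercised here");
#endif
    return 0;
}
```

The caveat a practitioner needs: in VMX non-root operation CPUID always causes a VM exit, so a blue-pill style hypervisor sees every CPUID the guest issues and can return whatever values it likes, including clearing bit 31 and hiding leaf 0x40000000. This check only finds hypervisors that choose to announce themselves; detecting one that is hiding has to rely on side effects it cannot suppress as cheaply, such as the extra latency a trapped instruction incurs.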
Class Materials
All Materials (.zip of ppt(269 slides), pdf(manuals), visual studio(code) files)
All Materials (.zip of odp(269 slides), pdf(manuals), visual studio(code) files)
All Materials (.zip of pdf(269 slides), pdf(manuals), visual studio(code) files)
Slides Part 1 (Historical perspective and fundamentals, 69 slides)
Slides Part 2 (Technical deep dive, 162 slides)
Slides Part 3 (Detection methods/countermeasures, 38 slides)
PDFs of the exact versions of the Intel Manuals cited in the slides
Code templates for solutions to the labs found in the course slides.
Virtdbg is a POC kernel debugger taking advantage of hardware virtualization technology. https://code.google.com/p/virtdbg/
Loadable Kernel Module for Linux that creates a /dev/vmm and is used as a real mode container for experimenting with 16-bit code.
Revision History:
09-08-2012 - Initial class content upload
If you have used and modified this material, we would appreciate it if you submit your modified version for publishing here, so that all versions can benefit from your changes.
Copyright for syndicated content belongs to the linked source: Hacker News - https://opensecuritytraining.info/AdvancedX86-VTX.html