Training

32-hour specialized training focused on low-level aspects of hypervisor security. Attendees will get a holistic view of hypervisor and virtualization security from a professional attacker's perspective, and learn the foundational skills required to discover and analyze hypervisor vulnerabilities. Main objective of this course is to establish a solid base of capability for attacking and defending core hypervisor code systematically. This objective stands on three content pillars: generalized hypervisor system internals, state of the art attack surface models, and understanding the security vulnerabilities that affect hypervisors. All the general frameworks are abundantly exemplified with concrete case studies based on the code of popular hypervisors and impactful real-life hypervisor exploits. Materials of this course represent the author's original system of knowledge, and were obtained by a process of first-hand technical research: reverse engineering undocumented system internals, analyzing security patches, and generalizing concrete case studies into universal abstract models which enable knowledge transfer. This course is suitable for beginners in application security and software engineers. All the prerequisite theory is given as part of the course.

For more information about the course and administrative aspects, refer to the course syllabus (PDF).