Quoted below are anonymized extracts of private feedback from our students with their subjective impressions that may help prospective attendees to better understand the training experience.
"It was empowering. Not only did I feel like I learned an enormous amount, but by the end I felt confident I knew how to start looking for real vulnerabilities in virtualization systems."
"I had an amazing time in the training. I feel like a lot of the knowledge I had was clarified in the training and is now more organized. Of course I also learned a lot of new stuff and it was really interesting and useful."
"It is a well written training, both the materials/slides and exercises are all well designed. I also really appreciated the knowledge you showed in the training, it is clear you have a lot of experience in hypervisor research and it was great to learn from you."
"I feel like the fact that a big part of the training was to show how to research and explain your methodology was really good, it was useful to learn how to approach a problems/research objective when it comes to different attack vectors."
"I really like the more technical parts – e.g. different IO options, how hardware virtualization works, OS ABC, MMU virtualization, I found them more interesting than the specifics of a certain hypervisor. Also liked the part where you compare different vulnerability types, and how the type recent vulnerabilities indicate the kind of scrutiny a project has seen."
"[I learned that] finding bugs in virtualization systems is achievable. Before doing this course hypervisor exploitation seemed like an unknowable thing that was just "too hard". I don't have anyone in my professional network or friend groups that knows anything about it, and information online is scarce. Learning from your course, and especially performing the exercises, has given me the confidence to dive in and start looking for bugs."
"The processes and workflows that you demonstrated. Particularly during your walkthroughs of the exercises, it was incredibly valuable to see and hear your own methodology for completing each example. The exercises themselves where also a fantastic learning tool."
"Here is what I loved about the whole thing:
* Well organized content, with a good order of things.
* A decent balance of theory and hands-on (I'm probably biased to hands-on).
* Pomodoro, time boxing, neural net.. liked the meta-learning touch there.
* Discussions on threat models, vuln discovery strategies, potential fuzzing designs."
"Loved the 25 minutes exercises, really intense and gets you involved."