Virtual Machines
A VM should be a totally isolated system: one VM should not be able to access resources and data from another VM unless it is explicitly configured to do so. The hypervisor is the entity that controls and manages the VMs. There are two types of hypervisors:
Type 1 hypervisors (also known as native or bare-metal hypervisors) run directly on the physical system. Examples of this are VMware ESXi, Proxmox Virtual Environment, Xen and Hyper-V.
Type 2, or hosted, hypervisors run on top of another operating system. Examples of this are VirtualBox and VMware Player or Workstation.
Virtual systems are susceptible to many vulnerabilities including:
VM Escape Vulnerabilities: Allow an attacker to "escape" the VM and access other virtual machines or the system, or access the hypervisor directly.
Hyperjacking: Allows an attacker to control the hypervisor. Often requires the installation of a fake or malicious hypervisor that manages the entire environment. Hyperjacking can be achieved by injecting a rogue hypervisor underneath the original or by directly obtaining control of the original hypervisor.
VM Repository Vulnerabilities: Attackers have found ways to upload fake or impersonating VMs with malicious software or backdoors. These ready-to-use VMs are deployed by the victims and allow attackers to manipulate their data.
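One defensive check against the VM repository risk above, added here as an example and not part of the original page: verify a downloaded image before importing it. It assumes the image is an OVA (a tar archive carrying an OVF .mf manifest) and that the publisher's SHA-256 was obtained through a separate trusted channel; the function names and the sample image are constructed for illustration.

```python
import hashlib, io, re, tarfile

# OVF manifest lines look like: SHA256(demo.ovf)= <hex digest>
MF_LINE = re.compile(r"^(SHA1|SHA256)\((.+)\)\s*=\s*([0-9a-fA-F]+)$")

def verify_ova(ova_bytes, pinned_sha256):
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    # Authenticity: the whole archive must match the digest pinned out-of-band.
    if hashlib.sha256(ova_bytes).hexdigest() != pinned_sha256.lower():
        problems.append("archive digest does not match pinned value")
    # Integrity: every packaged file must be listed in the manifest and match it.
    with tarfile.open(fileobj=io.BytesIO(ova_bytes)) as tar:
        members = {m.name: tar.extractfile(m).read() for m in tar if m.isfile()}
    manifests = [n for n in members if n.endswith(".mf")]
    if len(manifests) != 1:
        return problems + ["expected exactly one .mf manifest"]
    listed = {}
    for line in members[manifests[0]].decode().splitlines():
        m = MF_LINE.match(line.strip())
        if m:
            listed[m.group(2)] = (m.group(1).lower(), m.group(3).lower())
    for name, data in members.items():
        if name.endswith((".mf", ".cert")):  # the .cert signature is not checked here
            continue
        if name not in listed:
            problems.append(f"{name}: not listed in manifest")
        elif hashlib.new(listed[name][0], data).hexdigest() != listed[name][1]:
            problems.append(f"{name}: {listed[name][0]} mismatch")
    for name in sorted(listed.keys() - members.keys()):
        problems.append(f"{name}: listed but missing")
    return problems

def build_sample_ova(tamper=False):
    """Constructed sample: a tiny in-memory OVA with .ovf, .vmdk and .mf."""
    files = {"demo.ovf": b"<Envelope/>", "demo-disk1.vmdk": b"constructed disk bytes"}
    mf = "".join(f"SHA256({n})= {hashlib.sha256(d).hexdigest()}\n" for n, d in files.items())
    if tamper:  # change the disk after the manifest was written
        files["demo-disk1.vmdk"] += b" + modified"
    files["demo.mf"] = mf.encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for n, d in files.items():
            info = tarfile.TarInfo(n)
            info.size = len(d)
            tar.addfile(info, io.BytesIO(d))
    return buf.getvalue()
```

The manifest check alone only shows the archive is internally consistent; an impersonating image can ship a perfectly valid manifest, so the pinned digest is what ties the file to its publisher.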