Virtualisation Penetration Testing

virtualisation
Virtualisation is a technological revolution that separates functions from the underlying hardware and allows us to create a beneficial environment from conceptual resources. Attackers for malicious activity have targeted virtualisation technology. Intruders could arbitrate VM infrastructures, empowering them to access other VMs on the interconnected system and even the host.
OS Virtualization
0%
Apps Virtualization
0%
Full-Hardware Emulation
0%
Hardware Virtualization
0%

Types of Virtualisation

Virtualisation techniques and virtualised design-architectures propose an extra layer of execution, including their administrator role (virtualisation admin), which need precise management and security assurance.

Virtualisation Classification

Based on Virtualization, the classification of Virtualisation is categorised.
1. Operating System-Level virtualisation.
2. Application-Level Virtualisation.
3. Full-Hardware Emulation.
4. Hardware Virtualisation.
a. Full Virtualisation.
b. Para-Virtualisation.
c. Hardware-assisted Virtualisation.

VMware ESXi
0%
Citrix Xen Hypervisor
0%
Microsoft Hypervisor
0%
Dockers
0%
Virtuozzo
0%
OpenVZ
0%
Solaris Containers
0%
QEMU
0%
Kubernetes
0%

An operating system that supports various instances of isolated user-space, called containers. Each container can target a single application and install only the needed software and libraries to run this application. The host machine’s hardware resources are partitioned between different guest machines. The host OS deploys many instances of guest OSes, with a lightweight execution of the operating system or application. Resources are assigned to containers that represent a set of processes, files, and partitions. This strategy presents high performance, low overhead, and permits the execution of the same OS as the host machine. Examples of solutions supporting operating system-level virtualization include Docker, Virtuozzo, OpenVZ, and Solaris Containers.

It enhances programs’ portability between different software-hardware architectures. It is based on various components, including a portable language, a compiler between source code and an architecture-independent design (bytecode), a bytecode interpreter, and an execution environment that renders bytecode into low-level operations on the host machine. Examples of solutions supporting application-level virtualization include Java VM, Microsoft .NET, Perl, Python, and Ruby.

It is the strategy of executing an unmodified system (guest OS) in a separate host architecture. It emulates all features of a software system or device on a hardware platform with a diverse instruction set. Examples of solutions that support full hardware emulation include Bochs, QEMU, VirtualPC.

It defines a class of virtualization technologies in which a software system or device is executed on a hardware platform with the same instruction set. We note that there is not always a strict separation between hardware virtualization and emulation, since in some cases hardware emulators can be used for device virtualization. Hardware virtualization is further categorised into three classes as follows.

a. Full Virtualization.

b. Para-Virtualization.

c. Hardware-Assisted Virtualization.

Hardware Virtualization Types

The virtualization of (x86) systems by simulating the underlying hardware. The hardware is simulated in software by each virtual machine. The guest OS is completely segregated from the underlying hardware, access to which is mediated by the virtualization layer (virtual machine monitor). The guest OS runs unmodified with no need for hardware or operating-system support. Full virtualization can be based on a mix of binary translation of kernel code and direct execution of user-level code. Binary translation transforms and caches the kernel code that needs to be executed by the guest OS.

Examples of solutions supporting hardware virtualization include VirtualBox, Virtual PC, VMware, Win4Lin, Xen, and User Mode Linux.

The lightweight virtualization system where the hypervisor discloses hypercalls that can be directly called by a modified guest OS to simulate privileged instructions that are difficult to virtualize. The hypercalls implement a virtualized version of system calls and invoke the hypervisor’s services. They can be called by a modified guest OS through known APIs. Paravirtualization provides more excellent execution and lower overhead than full virtualization (it does not require emulation of system resources), at the cost of requiring changes to the guest operating system. Examples of solutions supporting paravirtualization include Xen, KVM/QEMU, and Win4Lin 9x.

It builds on hardware vendors’ efforts to provide new specialities to support virtualization techniques. Intel Virtualization Technology (VT-x) and AMD’s AMD-V were introduced midway through the first decade of the 2000s and provide a new execution mode that allows virtual machine monitors to run in a new privileged mode. It makes hardware extension available to the guest OS, providing better performance and reducing changes required by paravirtualization. Examples of solutions supporting hardware virtualization include VmwareWorkstation (64-bit), VirtualBox, Xen, KVM/QEMU, Parallels, and Microsoft Hyper-V.

Virtualization Attacks – The Guest OS

The guest OS is the starting point for numerous advances. Exploiting vulnerability in the guest or host OS may exhibit the system to the subsequent consequences. 

 Attack the VM or other VMs (direct attack): an adversary may exert benefit of simple access control or deliberate inter-VM relations. It depends on the host configuration and access control. 

 Attack the hypervisor: It commences in a guest OS and is hypervisor-dependent. Paravirtualized drivers, clipboard sharing, display output, and network traffic lead to creating this type of channel. 

 Attack the hardware on the host: hardware platforms often request firmware updates. An intruder could upload rogue firmware to support the initiative. 

 Attack the host architecture: The standard side-channel attack against a shared component.

The VENOM – Virtualized Environment Neglected Operations Manipulation vulnerability
A “guest-escape” vulnerability in famous opensource code. That produced several marketed virtualisation products, such as KVM, Xen Hypervisor and Oracle’s VirtualBox. It provides a buffer overflow in the software component that simulates floppy disk drives at the hypervisor level. Invaders inside any guest Virtual Machine (VMs) could get data and code from their siblings by digging into the host-operating-system memory space.
penetration testing methodologies
virtualisation Pen Test
Virtuali Machine Image Isolation
VMs must be isolated from each other. Poor administration over VM deployments leads to isolation breaches in which VMs communicate. Intruders exploit this virtual drawbridge to obtain access to multiple guests and possibly the host.
Improper Authentication
It comprises of authentication, authorization, user management, and communication between end-points vulnerabilities. The inappropriate credential types or verification mechanisms, such as using password-based authentication instead of certificates in highly dynamic environments or using inadequate registration mechanisms or vulnerabilities in the authentication processes.
Credentials Harvest in the Virtualization
Virtualized environments exacerbate this vulnerability crowd because they share unprotected transportation channels, enhancing the number of threat actors that may be able to harvest credentials.
Privilege Escalation in the Virtualization
This security gap is accentuated by the complexity of the privileges and multiplicity of administrative layers needed for a virtualized environment.
Race Conditions in the Virtualization
The existence of numerous independently-managed, asynchronous components mandates carefully designing and implementing mechanisms to manage such situations. Code sequences require temporary, exclusive access to shared resources.
VM Sprawl
The unplanned proliferation of VMs. Adversaries benefit from the poorly monitored resources. More deployments also mean more failure points, so sprawl can cause problems even if no anomaly is involved.
Hyperjacking Virtual Machines
Hyperjacking is a real-world threat, and virtualization administrators should take the offensive plan for it.
It takes control of the hypervisor to gain access to the VMs and their data. It is typically launched against type 2 hypervisors that run over a host OS.
VM Escape
A guest OS escapes from its VM encapsulation to interact directly with the hypervisor. This gives the intruder access to all VMs and, if guest privileges are high enough, the host system as well.
Virtual Machine DDoSing
The attacks exploit many virtual machine platforms and range from flooding a network with traffic to complex leveraging of a host’s own resources.
Virtuali Machine Image Injection
VM image injection or template injection. The lack of verification of user-controlled input. They are often not well-tackled since the users involved frequently have administration-level permissions.
benefits of pen testing

virtualisation

  • Minimise the risk of Competitive Intelligence Gathering.
  • Mitigate CyberCriminal intrusions.
  • Mitigate Script-Kiddies Attacks.
  • Information Security Assurance from Insider Threats.
  • Prevent Costly Data breaches.