Virtual Machine Introspection – a Way to Track an Attacker in the Cloud
Author: Nazar Tymoshyk
With modern world moving into the cloud, Virtual Machine Introspection is becoming a new promising approach of tracking attackers as well as full user activities monitoring in datacenter using virtualization. In this report, the speaker will present how to resolve and implement VMI approach for VirtualBox for honeypot project and enable feature to grab all activities of hacker or insider. VMI is like keylogger that is able to control all hosted virtual machines on hypervisor level. The talk will also uncover how existing cloud providers may use and track all cloud instances on Amazon and Rackspace.
Software Security Engineer and senior Penetration tester, worked in different Ukrainian outsourcing companies like SoftServe, Eleks, Symphony-Solutions. Specialized in web and mobile application security, but main direction of research was honeypot systems as approach for early attack detection. Lead of OWASP local community in Lviv. Author of owasp-lviv.blogspot.com. Ph.D. in Information Security. Certified Ethical Hacker.