Exploits targeting hypervisors are at an all-time high. Enterprise virtualization is a prime target for threat groups due to valuable data and the challenges associated with preventing escape-to-host attacks. This has been validated with the recent ATT&CK v17 update, where MITRE introduced an entirely new matrix for ESXi.
This revolutionary change draws attention to existing risks and possible security compliance implications for many enterprises. Gabe Dimeglio, CISO of Rimini Street, and Austin Gadient, CTO & Cofounder of Vali Cyber, will discuss MITRE’s logic for this change, looking closely at the threat landscape and in particular the 4 unique techniques MITRE noted for ESXi:
- T1675: ESXi Administration Control
- T1059.012: Command and Scripting Interpreter: Hypervisor CLI
- T1505.006: Server Software Component: vSphere Installation Bundles
- T1673: Virtual Machine Discovery
We will dive into what these techniques mean, featuring demos of real-world attack chains where the techniques were leveraged.
Speaker: Austin Gadient, CTO & Cofounder, Vali Cyber