2024-09-26, Main Track
This talk will look at hypervisors as an enduring vulnerability research target. To maintain working
exploits, any enduring target needs a number of things that favour a research team:
- The target has a complex code base and a large enough attack surface that the bug supply is sustainable
- Attackers can interact with the target in a way that makes reliable exploitation generally feasible (to perform heap grooming, use the results of infoleaks, etc.)
- The target has some useful effect for attackers when a security boundary is violated (privescs, hypervisor escapes, etc.)
- The target has a level of ubiquity (i.e., an effect is generally of value)
Silvio will discuss bugs that he and others at InfoSect have found in hypervisors.
Dr Silvio Cesare is a founder and Director at InfoSect, a vulnerability research company. He is also one of the 2 founders of BSides Canberra. Silvio has worked in technical roles and been involved in computer security for over 29 years.
This period includes time in Silicon Valley in the USA, France, and Australia. He has worked commercially in both defensive and offensive roles within engineering.
He was previously the Director for Education and Training at UNSW Canberra Cyber, ensuring quality content and delivery. In his early career, he was the lead architect and developer for the startup Qualys, now the industry standard in vulnerability management. He has a Ph.D. from Deakin University and has published in academia, having been cited over 800 times on Google Scholar. He is a 4-time speaker and also a trainer at the international, industry-leading Black Hat conference.
He has taken his university research through commercialisation and authored a book (Software Similarity and Classification, published by Springer).