Mike Foley
Husband, Dad, Geek, Inventor. This is my account full of PERSONAL views. Follow for VMware stuff. This is NOT my 1st rodeo
Tweets
Mike Foley 9h
Replying to @MattOnThePier
On my son’s Hoverboard! haha
Mike Foley 20h
Replying to @coolsport00
Yea, I just watched. Stuff like that is WAY behind me.
Mike Foley 21h
Replying to @vBrianGraf
Mike Foley Aug 22
Probably one of the coolest VM security sessions at VMworld is “SGX Secure Enclaves: The Future of Application Security in the Cloud”. It will give you a good idea of where things are heading & what we are investigating. Check it out if you’re at VMworld!
Mike Foley Aug 22
I may be able to land an F-35 on this when it’s done.
Mike Foley Aug 22
Replying to @gtvansiclen
That’ll be the finishing coat…
Mike Foley Aug 22
New driveway and walkway are going in today.
Mike Foley Aug 22
In vSphere 6.7U3 only members of the Administrators group can change VC plugin settings. This is a (good) change from previous versions. If developing your own plugin you can still add custom RBAC roles. This change is for those plugins that don’t have separate RBAC controls.
Mike Foley Aug 22
That was awesome and beyond cute... Well done Mom!!
Mike Foley Aug 20
That assumes that all VM Escape attempts take the same/similar paths. That would be an incorrect assumption.
Mike Foley Aug 19
I’ve seen the deer in the headlights look when I tell folks an ESXi host can join a domain and it’s using AD’s Kerberos to secure the connection.
Mike Foley Aug 19
You need to find a way out of the sandbox for that to happen. FYI: All shell commands get written to shell.log AND get sent out via syslog.
Mike Foley Aug 19
Replying to @plankers @randomuserid
I was just going to say the same thing.. Plus, it’s dinner time..
Mike Foley Aug 19
Replying to @randomuserid @plankers
Kudos for the BSG reference..
Mike Foley Aug 19
Replying to @randomuserid @plankers
And I believe that depending on a shell popping up on the hypervisor is extremely difficult and that attacks may be more sophisticated. Hypervisor hardening (like VM Sandbox) combined w/Secure Boot & then layer on AppDefense protects the entire stack & more detection capability
Mike Foley Aug 19
Replying to @plankers @randomuserid
Yea, exactly.. You won’t find a hard/fast method here Craig. It’s a multi-faceted issue with numerous attack vectors being attempted. While one may be detected there’s nothing saying another won’t be.
Mike Foley Aug 19
Replying to @randomuserid
Ok, so patching the host means she gets an error when trying to use the exploit. And an unpatched host would obviously not give that error. Has she considered trying to reach out to our security response folks for more guidance?
Mike Foley Aug 19
Replying to @randomuserid
What version is she running? Is she looking at the vmkernel logs? What is she attempting to actually do?
Mike Foley Aug 19
Replying to @randomuserid
If someone is attempting something on a VM that is rooted and starts running into a VM Sandbox roadblock then VMkernel will be sending out “access denied due to security policy” type messages. That’s what I would be monitoring for and then go investigate the VM, not the hypervisor
Mike Foley Aug 19
Replying to @randomuserid
I would suggest you read Zhao’s USENIX paper..