How to hack VMware vCenter server in 60 seconds
Alexey Sintsov
Alexander Minozhenko
Hijacking VMware



@asintsov @al3xmin



• Pen-testers at Digital Security

• Researchers

• DCG#7812 / Zeronights

• FUN, FUN, FUN

© 2002—2012, Digital



Our target







VMware vCenter Server

    • VMware vCenter Server is a solution for managing VMware vSphere

    • vSphere – virtualization operating system







Pen-test…



• VMware vCenter version 4.1 update 1

Services:
   • Update Manager
   • vCenter Orchestrator
   • Chargeback
   • Other

• Most of those services have a web server





VASTO and CVE-2009-1523

• Directory traversal in Jetty web server
  http://target:9084/vci/download/health.xml/%3f/../../../../FILE
• Discovered by Claudio Criscione

• Fixed in VMware Update Manager 4.1 update 1 :(

• Who wants to pay me for 0day?
• Pentester is not researcher?







8(







CVE-2010-1870

• VMware vCenter Orchestrator uses Struts2 version 2.11 (discovered by Digital Defense, Inc)
• CVE-2010-1870: Struts2/XWork remote command execution, discovered by Meder Kydyraliev
Fixed in 4.2







Details


    • Struts2 does not properly escape “#”

    • Can be bypassed with unicode “\u0023”

    • 2 variables need to be set for RCE

    • #_memberAccess['allowStaticMethodAccess']

    • #context['xwork.MethodAccessor.denyMethodExecution']






But what about us?

• Directory traversal in Jetty web server … AGAIN!
http://target:9084/vci/download/.%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..FILE.EXT

• Metasploit module vmware_update_manager_traversal.rb by sinn3r

• We can read any file! But what

Claudio Criscione proposed to read vpxd-profiler-*:
    /SessionStats/SessionPool/Session/Id='06B90BCB-A0A4-4B9C-B680-FB72656A1DCB'/Username='FakeDomain\FakeUser'/SoapSession/Id='AD45B176-63F3-4421-BBF0-FE1603E543F4'/Count/total 1

Contains logs of SOAP requests with session ID !!!

Sorry, patched in 4.1!

Discovered by Alexey Sintsov 8)
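
Added example (not part of the original slides): a defender-side access-log check for the request shapes shown on the CVE-2009-1523, CVE-2010-1870 and "But what about us?" slides. The log lines, the /example.action path and the file name example.txt are constructed; the two download bases and the OGNL variable names are the ones that appear on the slides.

```python
import re
from urllib.parse import unquote

# Both spellings of the Update Manager download base appear on the slides.
DOWNLOAD_BASES = ("/vci/download/", "/vci/downloads/")
# The two variables the CVE-2010-1870 slide lists, plus the unicode-escaped '#'.
OGNL_MARKERS = ("_memberAccess", "xwork.MethodAccessor.denyMethodExecution")
UNICODE_HASH = re.compile(r"\\u0023", re.IGNORECASE)
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=5):
    """Percent-decode until stable so double-encoded input (%255C) is normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def climbs_above_base(relative_path):
    """True if the path leaves its base directory when '\\' counts as a separator."""
    depth = 0
    for segment in relative_path.replace("\\", "/").split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False


def classify_request(log_line):
    """Return the set of findings for one access-log line (empty set = nothing flagged)."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return set()
    raw = match.group(1)
    # Split on a literal '?' before decoding: an encoded '?' (%3f) is still path data.
    path = fully_decode(raw.split("?", 1)[0])
    whole = fully_decode(raw)
    findings = set()
    base = next((b for b in DOWNLOAD_BASES if path.startswith(b)), "/")
    if climbs_above_base(path[len(base):]):
        findings.add("traversal")
    if UNICODE_HASH.search(whole) or any(m in whole for m in OGNL_MARKERS):
        findings.add("ognl-marker")
    return findings


def scan(lines):
    """Map line index -> findings, for flagged lines only."""
    flagged = {}
    for index, line in enumerate(lines):
        findings = classify_request(line)
        if findings:
            flagged[index] = findings
    return flagged


# Constructed access-log lines (combined log format); none come from a real system.
SAMPLE_LOG = [
    r'10.0.0.5 - - [01/Jan/2012:10:00:00 +0000] "GET /vci/download/health.xml HTTP/1.1" 200 512',
    # '..' that stays inside the download base must not be flagged.
    r'10.0.0.5 - - [01/Jan/2012:10:00:01 +0000] "GET /vci/download/a/../health.xml HTTP/1.1" 200 512',
    # Shape of the CVE-2009-1523 slide: encoded '?' followed by dot-dot segments.
    r'10.0.0.7 - - [01/Jan/2012:10:00:02 +0000] "GET /vci/download/health.xml/%3f/../../../../example.txt HTTP/1.1" 200 64',
    # Shape of the second traversal slide: %5C (backslash) as the separator.
    r'10.0.0.7 - - [01/Jan/2012:10:00:03 +0000] "GET /vci/download/.%5C..%5C..%5C..%5Cexample.txt HTTP/1.1" 200 64',
    # Same idea, double-encoded.
    r'10.0.0.7 - - [01/Jan/2012:10:00:04 +0000] "GET /vci/download/.%255C..%255Cexample.txt HTTP/1.1" 404 0',
    # Marker strings only, not a working request.
    r'10.0.0.9 - - [01/Jan/2012:10:00:05 +0000] "POST /example.action?x=\u0023_memberAccess HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for index, findings in scan(SAMPLE_LOG).items():
        print(index, sorted(findings))
```

The traversal check decodes before it judges and measures depth relative to the download base, which is why the health.xml/%3f/.. form is caught even though it never climbs above the web root's top level.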



Attack #1

     • Read vpxd-profiler via traversal…
     • Get Admin's IP addresses from it…
     • Read secret SSL key
     http://target:9084/vci/downloads/...............Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL\rui.key

     • ARP-SPOOF with SSL key - PROFIT







VMware vCenter Orchestrator


    • VMware vCO – software for automating configuration and management
    • Installed by default with vCenter
    • Has an interesting file

    C:\Program files\VMware\Infrastructure\Orchestrator\configuration\jetty\etc\passwd.properties







VMware vCenter Orchestrator
Password disclosure




           Read hash -> crack MD5 -> log on into Orch. -> get vCenter pass





VMware vCenter Orchestrator – more stuff


• vCO stored password at files:
• C:\Program Files\VMware\Infrastructure\Orchestrator\app-server\server\vmo\conf\plugins\VC.xml
• C:\Program Files\VMware\Infrastructure\Orchestrator\app-server\server\vmo\conf\vmo.properties

      <virtual-infrastructure-host
            <enabled>true</enabled>
            <url>https://new-virtual-center-host:443/sdk</url>
            <administrator-username>vmware</administrator-username>
            <administrator-password>010506275767b74786b383a4a60be767864740329d5fcf324ec7fc98b1e0aaeef</administrator-password>
            <pattern>%u</pattern>
      </virtual-infrastructure-host>







Hmmm….



 006766e7964766a151e213a242665123568256c4031702d4c78454e5b575f60654b
         vmware

 00776646771786a783922145215445b62322d1a2b5d6e196a6a712d712e24726079
         vcenter


 • Red bytes look like length

 • Green bytes in ASCII range

 • Black bytes random

Discovered by Alexey Sintsov and Alexander Minozhenko



0day still not patched 8)







gg and bb


                       a.sintsov@dsec.ru

                       @asintsov




                       a.minozhenko@dsec.ru

                       @al3xmin




Β 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Β 

How to hack VMware vCenter server in 60 seconds

  • 1. How to hack VMware vCenter server in 60 seconds
      Alexey Sintsov, Alexander Minozhenko
  • 2. Hijacking VMware
      @asintsov @al3xmin
      • Pen-testers at Digital Security
      • Researchers
      • DCG#7812 / Zeronights
      • FUN, FUN, FUN
      © 2002—2012, Digital
  • 3. Our target
  • 4. VMware vCenter Server
      • VMware vCenter Server is a solution to manage VMware vSphere
      • vSphere – virtualization operating system
  • 5. Pen-test…
      • VMware vCenter version 4.1 update 1
      Services:
      • Update Manager
      • vCenter Orchestrator
      • Chargeback
      • Other
      • Most of those services have a web server
  • 6. VASTO and CVE-2009-1523
      • Directory traversal in Jetty web server: http://target:9084/vci/download/health.xml/%3f/../../../../FILE
      • Discovered by Claudio Criscione
      • Fixed in VMware Update Manager 4.1 update 1 :(
      • Who wants to pay me for 0day?
      • Pentester is not researcher?
  • 8. CVE-2010-1870
      • VMware vCenter Orchestrator uses Struts2 version 2.11, discovered by Digital Defense, Inc
      • CVE-2010-1870: Struts2/XWork remote command execution, discovered by Meder Kydyraliev
      • Fixed in 4.2
  • 9. Details
      • Struts2 does not properly escape “#”
      • Could be bypassed with unicode “\u0023”
      • 2 variables need to be set for RCE:
      • #_memberAccess['allowStaticMethodAccess']
      • #context['xwork.MethodAccessor.denyMethodExecution']
  • 10. But what about us?
      • Directory traversal in Jetty web server … AGAIN! http://target:9084/vci/download/.%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..FILE.EXT
      • Metasploit module vmware_update_manager_traversal.rb by sinn3r
      • We can read any file! But what?
      • Claudio Criscione proposes to read vpxd-profiler-*:
        /SessionStats/SessionPool/Session/Id='06B90BCB-A0A4-4B9C-B680-FB72656A1DCB'/Username=„FakeDomainFakeUser'/SoapSession/Id='AD45B176-63F3-4421-BBF0-FE1603E543F4'/Count/total 1
      • Contains logs of SOAP requests with session ID !!!
      • Sorry, patched in 4.1!
      • Discovered by Alexey Sintsov 8)
  • 11. Attack #1
      • Read vpxd-profiler via traversal…
      • Get Admin’s IP addresses from it…
      • Read secret SSL key: http://target:9084/vci/downloads/...............Documents and SettingsAll UsersApplication DataVMwareVMware VirtualCenterSSLrui.key
      • ARP-SPOOF with SSL key - PROFIT
  • 12. VMware vCenter Orchestrator
      • VMware vCO – software to automate configuration and management
      • Installed by default with vCenter
      • Has an interesting file: C:\Program files\VMware\Infrastructure\Orchestrator\configuration\jetty\etc\passwd.properties
  • 13. VMware vCenter Orchestrator
      • Password disclosure
      • Read hash -> crack MD5 -> log on into Orch. -> get vCenter pass
  • 14. VMware vCenter Orchestrator – more stuff
      • vCO stores passwords in files:
      • C:\Program Files\VMware\Infrastructure\Orchestrator\app-server\server\vmo\conf\plugins\VC.xml
      • C:\Program Files\VMware\Infrastructure\Orchestrator\app-server\server\vmo\conf\vmo.properties
        <virtual-infrastructure-host
          <enabled>true</enabled>
          <url>https://new-virtual-center-host:443/sdk</url>
          <administrator-username>vmware</administrator-username>
          <administrator-password>010506275767b74786b383a4a60be767864740329d5fcf324ec7fc98b1e0aaeef</administrator-password>
          <pattern>%u</pattern>
        </virtual-infrastructure-host>
  • 15. Hmmm….
      006766e7964766a151e213a242665123568256c4031702d4c78454e5b575f60654b vmware
      00776646771786a783922145215445b62322d1a2b5d6e196a6a712d712e24726079 vcenter
      • Red bytes look like length
      • Green bytes in ASCII range
      • Black bytes random
      Discovered by Alexey Sintsov and Alexander Minozhenko
  • 16. 0day still not patched 8)
  • 17. gg and bb
      a.sintsov@dsec.ru @asintsov
      a.minozhenko@dsec.ru @al3xmin
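
Added example, not part of the talk: a log check for the request patterns on slides 6, 9 and 10 (encoded `..` segments and the Struts2 OGNL markers), run over constructed access-log lines. The Common Log Format, the `/app/index.action` path and all function names are assumptions.

```python
import re
from urllib.parse import unquote

# Strings named on the slides for CVE-2010-1870, compared in lowercase.
OGNL_MARKERS = ("\\u0023", "_memberaccess", "allowstaticmethodaccess",
                "xwork.methodaccessor.denymethodexecution")
# Common Log Format (assumed): client first, request line in double quotes.
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(target, rounds=3):
    """Percent-decode repeatedly so double-encoded separators (%255C) surface."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def classify(target):
    """Return sorted finding labels for one request target."""
    decoded = fully_decode(target)
    findings = set()
    # '\' counts as a separator; decoded %3f ('?') is kept so '/../' behind it is seen.
    if ".." in decoded.replace("\\", "/").split("/"):
        findings.add("traversal")
    if any(marker in decoded.lower() for marker in OGNL_MARKERS):
        findings.add("ognl")
    return sorted(findings)

def scan(log_text):
    """Return (client, target, findings) for every suspicious log line."""
    hits = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match and (found := classify(match.group(2))):
            hits.append((match.group(1), match.group(2), found))
    return hits

# Constructed sample lines (not from the talk), modelled on the slides' URLs.
SAMPLE_LOG = r'''
10.0.0.5 - - [01/Jan/2012:10:00:00 +0000] "GET /vci/download/health.xml HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2012:10:00:01 +0000] "GET /vci/download/health.xml/%3f/../../../../FILE HTTP/1.1" 200 1024
10.0.0.9 - - [01/Jan/2012:10:00:02 +0000] "GET /vci/download/.%5C..%5C..%5CFILE.EXT HTTP/1.1" 200 2048
10.0.0.9 - - [01/Jan/2012:10:00:03 +0000] "GET /vci/download/.%255C..%255CFILE.EXT HTTP/1.1" 404 0
10.0.0.7 - - [01/Jan/2012:10:00:04 +0000] "GET /app/index.action?\u0023_memberAccess%5B%27allowStaticMethodAccess%27%5D=true HTTP/1.1" 200 90
'''

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A hit shows that the request was made, not that it succeeded; read the response status and size on the same log line before escalating.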