Xen 0wning Trilogy (Black Hat USA, Aug 2008)

by Rafal Wojtczuk, Joanna Rutkowska, Alexander Tereshkin


  1. Subverting the Xen Hypervisor (PDF)

  2. Detecting & Preventing the Xen Hypervisor Subversions (PDF)

  3. Bluepilling the Xen Hypervisor (PDF)


Code and demos: here

Blog commentary: original announcement, presentations highlights, additional comments, q35 bug patched, code posted.

BluePill and Nested Virtualization (2007-2008)

Xen and Virtualization security (2008)

Firmware/CPU/Chipset security (2009)

Attacking Intel® Trusted Execution Technology (Black Hat DC, Feb 2009)

by Rafal Wojtczuk and Joanna Rutkowska

Press releases: Announcement PR (PDF), Post-conference PR (PDF)

Blog commentary: announcement

Paper & Slides: Paper (PDF), Slides (PDF), Slides (Keynote), Slides (MOV)

Adventures with a certain Xen vulnerability (Oct 2008)

by Rafal Wojtczuk

Paper: PDF

Security Challenges in Virtualized Environments (RSA Conference, Apr 2008)

by Joanna Rutkowska

(presents nested virtualization on AMD-v)

Slides: here

Code and demos: here

Blog commentary: nested virtualization

IsGameOver(), anyone? (Black Hat USA, Aug 2007)

by Joanna Rutkowska and Alexander Tereshkin

(In-depth BluePill detection and anti-detection)

Presentation slides: PPT, PDF

Code: here

Blog commentary: virtualization detection vs. bluepill detection discussion,

(Refer also to the Bluepilling the Xen Hypervisor presentation above for additional research on this topic.)

Attacking SMM Memory via Intel® CPU Cache Poisoning (March 2009)

by Rafal Wojtczuk and Joanna Rutkowska

Paper: PDF

Blog commentary: announcement

Code: here

Attacking Intel® BIOS (Black Hat USA, July 2009)

by Rafal Wojtczuk and Alexander Tereshkin

Press releases: PDF

Blog commentary: announcement

Slides: PDF

Code: [Coming soon]

Introducing Ring -3 Rootkits (Black Hat USA, July 2009)

by Alexander Tereshkin and Rafal Wojtczuk

Press releases: PDF

Slides: PDF

Blog commentary: announcement

Code: here

Evil Maid Attack (October 2009)

by Alexander Tereshkin and Joanna Rutkowska

Blog commentary: attack and tool description

USB image: evilmaidusb-1.01.img (11 MB)

Source Code: here

Miscellanea (2009)

Another Way to Circumvent Intel® Trusted Execution Technology (December 2009)

by Rafal Wojtczuk, Joanna Rutkowska, and Alexander Tereshkin

Press releases: PDF

Blog commentary: announcement

Paper: PDF

Qubes OS (2010)

The Qubes OS Architecture (January 2010)

by Joanna Rutkowska, Rafal Wojtczuk

Paper: PDF

Slides: PDF (Campus Party EU, May 2010)

On Trusted Computing, Desktop Security, And Why This All Matters? (September 2010)

by Joanna Rutkowska

Slides: PDF

Exploiting large memory management vulnerabilities in Xorg (August 2010)

by Rafal Wojtczuk

Paper: PDF

2011

Following the White Rabbit: Software Attacks against Intel® VT-d (May 2011)

by Rafal Wojtczuk and Joanna Rutkowska

Paper: PDF

Anti Evil Maid (September 2011)

by Joanna Rutkowska

Blog post: here

Code: here

Exploring new lands on Intel CPUs (SINIT code execution hijacking) (Dec 2011)

by Rafal Wojtczuk and Joanna Rutkowska

Blog post: here

Paper: PDF