└── README.md /README.md: -------------------------------------------------------------------------------- 1 | # Awesome Virtualization [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome) 2 | 3 | A curated list of awesome resources about virtualization. 4 | 5 | ## Chronology 6 | 7 | - 2005-November-13: Intel `VT-x` released on `Pentium 4` (Model `662` and `672`) processors 8 | - 2006-May-23: AMD `AMD-V` released on `Orleans` and `Windsor` processors 9 | - 2007-September-10 : AMD `Barcelona` offer support for `RVI` (`SLAT`) 10 | - 2008-November: Intel `Nehalem` offer support for `EPT` (`SLAT`) 11 | - 2010-January-7: Intel `Westmere` offer support for `unrestricted guests` 12 | - 2013-June-4: Intel `haswell` offer support for `VMCS Shadowing` 13 | 14 | ## Books 15 | 16 | - [Intel® 64 and IA-32 architectures software developer's manual volume 3C](https://software.intel.com/sites/default/files/managed/7c/f1/326019-sdm-vol-3c.pdf) 17 | - [Virtual Machines: Versatile Platforms for Systems and Processes](https://www.amazon.com/Virtual-Machines-Versatile-Platforms-Architecture/dp/1558609105) 18 | - [Mastering KVM Virtualization](https://www.amazon.com/Mastering-Virtualization-Humble-Devassy-Chirammal/dp/1784399051) 19 | 20 | ## Courses 21 | 22 | - [Memory Virtualization playlist by Udacity](https://www.youtube.com/watch?v=-y9J78wSJHY&list=PLGvfHSgImk4aP4moOrG-KEqVO8gRFh4rb&index=122) 23 | - [Full Virtualization by Geoffrey Challen](https://www.youtube.com/watch?v=2moUsgMOie4) 24 | - [Xen and the Art of Virtualization by Geoffrey Challen](https://www.youtube.com/watch?v=fYH8A3RjPwY) 25 | - [Container Virtualization by Geoffrey Challen](https://www.youtube.com/watch?v=nanHh0t4ssE) 26 | - [Open Security Training Advanced VT-x course](http://opensecuritytraining.info/AdvancedX86-VTX.html) 27 | - [From Kernel to VMM](https://www.youtube.com/watch?v=FSw8Ff1SFLM) 28 | 29 | ## Papers 30 | - A comparison of software and hardware techniques for x86 virtualization by K. Adams and O. Agesen (2006) 31 | - Bringing Virtualization to the x86 Architecture with the Original VMware Workstation by Edouard Bugnion, Scott Devine, Mendel Rosenblum, Jeremy Sugerman, And Edward Y. Wang 32 | - The evolution of an x86 virtual machine monitor by O. Agesen, A. Garthwaite, J. Sheldon, and P. Subrahmanyam 33 | - Formal Requirements for Virtualizable Third Generation Architectures by Gerald J. Popek & Robert P. Goldberg 34 | - Modern Operating System 4th Edition (Chapter: Virtualization and the cloud) by Andrew Tanembaum 35 | - Xen and the Art of Virtualization by Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, Andrew Warfield 36 | - Understanding Full Virtualization, Paravirtualization and Hardware Assisted Virtualization by VMWare 37 | - Dynamic Binary Translation from x86-32 code to x86-64 code for Virtualization by Yu-hsin Chen. 38 | 39 | 40 | ## Projects 41 | 42 | - [Bareflank](https://github.com/Bareflank/hypervisor) 43 | - [SimpleVisor](https://github.com/ionescu007/SimpleVisor) 44 | - [hypervisor-for-beginners](https://github.com/rohaaan/hypervisor-for-beginners) 45 | - [HyperPlatform](https://github.com/tandasat/HyperPlatform) 46 | - [hvpp](https://github.com/wbenny/hvpp) 47 | - [HOSS](http://www.cs.unc.edu/~porter/hoss/) 48 | - [TinyVM](https://github.com/jakogut/tinyvm) 49 | - [ACRN](https://projectacrn.github.io/) 50 | - [kHypervisor](https://github.com/Kelvinhack/kHypervisor) 51 | 52 | ## KVM 53 | 54 | - [KVM website](http://www.linux-kvm.org/page/Main_Page) 55 | - [KVM forum](http://www.linux-kvm.org/page/KVM_Forum) 56 | - [set of KVM documentations](http://www.linux-kvm.org/page/Documents) 57 | - [How VT-x, KVM and QEMU Work Together](https://binarydebt.wordpress.com/2018/10/14/intel-virtualisation-how-vt-x-kvm-and-qemu-work-together) 58 | 59 | ## Xen 60 | 61 | - [Xen website](https://www.xenproject.org/) 62 | 63 | ## QEMU 64 | 65 | - [QEMU website](https://www.qemu.org/) 66 | 67 | ## VirtualBox 68 | 69 | - [VirtualBox website](https://www.virtualbox.org/) 70 | - [VirtualBox documentation](https://www.virtualbox.org/wiki/Technical_documentation) 71 | 72 | ## Hyper-V 73 | 74 | - [Hyper-V technet](https://technet.microsoft.com/en-us/library/mt169373(v=ws.11).aspx) 75 | 76 | ## Hypervisor From Scratch 77 | 78 | - [Part 1: Basic Concepts & Configure Testing Environment](https://rayanfam.com/topics/hypervisor-from-scratch-part-1) 79 | - [Part 2: Entering VMX Operation](https://rayanfam.com/topics/hypervisor-from-scratch-part-2) 80 | - [Part 3: Setting up Our First Virtual Machine](https://rayanfam.com/topics/hypervisor-from-scratch-part-3) 81 | - [Part 4: Address Translation Using Extended Page Table (EPT)](https://rayanfam.com/topics/hypervisor-from-scratch-part-4) 82 | 83 | 84 | ## Virtual Machine Introspection 85 | 86 | - [Zero-Footprint Guest Memory Introspection from Xen by Mihai Dontu](https://www.youtube.com/watch?v=GGjPU6jHi_w) - [[Slides]](https://www.slideshare.net/xen_com_mgr/zero-footprint-guest-memory-introspection-from-xen) [[Update]](http://events17.linuxfoundation.org/sites/events/files/slides/Zero-Footprint%20Guest%20Memory%20Introspection%20with%20Xen.pdf) 87 | - [Hypervisor memory introspection at the next level](https://www.usenix.org/sites/default/files/conference/protected-files/atc15_slides_lutas.pdf) 88 | - [Bringing Commercial Grade Virtual Machine Introspection to KVM by Mihai Donțu](https://www.youtube.com/watch?v=sUPSogabV-o) - [[Slides]](http://events17.linuxfoundation.org/sites/events/files/slides/Zero-Footprint%20Guest%20Memory%20Introspection%20with%20Xen.pdf) 89 | - [Hypervisor-based, hardware-assisted system monitoring](https://www.youtube.com/watch?v=yTAVS0-qJRU) 90 | - [Virtual Machine Introspection to Detect and Protect](https://www.youtube.com/watch?v=EZPXy314q3E) 91 | - [Hypervisor Memory Forensics](http://www.s3.eurecom.fr/docs/raid13_graziano.pdf) - [[Slides]](http://s3.eurecom.fr/~emdel/talks/grazianolanzi_hitb.pdf) 92 | - [Who Watches The Watcher? Detecting Hypervisor Introspection from Unprivileged Guests](https://dfrws.org/sites/default/files/session-files/paper_who_watches_the_watcher_detecting_hypervisor_introspection_from_unprivileged_guests.pdf) 93 | 94 | ## Attacking Hypervisors 95 | - [Blackhat 2010 - Hacking the Hypervisor](https://www.youtube.com/watch?v=sTC9x5hYYFo&t=3s) 96 | - [Unboxing your virtualBox](https://www.youtube.com/watch?v=fFaWE3jt7qU) - [[Slides]](https://raw.githubusercontent.com/phoenhex/files/master/slides/unboxing_your_virtualboxes.pdf) 97 | - [Software Attacks on Hypervisor Emulation of Hardware](https://www.youtube.com/watch?v=c4DnlP88D2Y) - [[Slides]](https://www.troopers.de/downloads/troopers17/TR17_Attacking_hypervisor_through_hardwear_emulation.pdf) 98 | - [Lessons Learned from Eight Years of Breaking Hypervisors](https://www.youtube.com/watch?v=PJWJjb0uxXE) - [[Slides]](https://www.blackhat.com/docs/eu-14/materials/eu-14-Wojtczuk-Lessons-Learned-From-Eight-Years-Of-Breaking-Hypervisors.pdf) 99 | - [Virtualization under attack: Breaking out of KVM](https://www.youtube.com/watch?v=J7TmDGlBqpg) - [[Slides]](http://www.hakim.ws/DEFCON19/Speakers/Elhage/DEFCON-19-Elhage-Virtualization-Under-Attack.pdf) 100 | - [Attacking Hypervisors Using Firmware And Hardware](https://www.youtube.com/watch?v=nyW3eTobXAI) - [[Slides]](http://c7zero.info/stuff/AttackingHypervisorsViaFirmware_bhusa15_dc23.pdf) 101 | - [Performant Security Hardening of KVM by Steve Rutherford](https://www.youtube.com/watch?v=vj5PA_D03Vg) - [[Slides]](http://www.linux-kvm.org/images/3/3d/01x02-Steve_Rutherford-Performant_Security_Hardening_of_KVM.pdf) 102 | - [The Arms Race Over Virtualization](https://www.youtube.com/watch?v=nWvg7NKwOjg) - [[Slides]](https://www.blackhat.com/docs/us-16/materials/us-16-Luan-Ouroboros-Tearing-Xen-Hypervisor-With-The-Snake.pdf) 103 | - [Ouroboros: Tearing Xen Hypervisor With the Snake](https://www.youtube.com/watch?v=kt3kX94kWcM) 104 | - [Subverting the Xen hypervisor](https://invisiblethingslab.com/resources/bh08/part1.pdf) 105 | - [Preventing and Detecting Xen Hypervisor Subversions](https://invisiblethingslab.com/resources/bh08/part2.pdf) 106 | - [Bluepilling the Xen Hypervisor](https://invisiblethingslab.com/resources/bh08/part3.pdf) 107 | - [Cloudburst: Hacking 3D And Breaking Out Of Vmware](https://www.youtube.com/watch?v=NnYNaLSiOxY) 108 | - [Breaking Out of VirtualBox through 3D Acceleration](https://www.youtube.com/watch?v=i29bAx6W1uI) - [[Slides]](https://www.coresecurity.com/system/files/publications/2016/05/corelabs-Breaking_Out_of_VirtualBox_through_3D_Acceleration-Francisco_Falcon.pdf) 109 | - [Ring 0 to Ring -1 Exploitation with Hyper-V IPC](https://www.youtube.com/watch?v=_NaRZvrs8xY) 110 | - [XenPwn: Breaking paravirtualized devices](https://www.youtube.com/watch?v=qxz8MzE3QME) - [[Slide]](https://www.blackhat.com/docs/us-16/materials/us-16-Wilhelm-Xenpwn-Breaking-Paravirtualized-Devices-wp.pdf) 111 | - [The Great Escapes Of Vmware: A Retrospective Case Study Of VMWare Guest-To-Host Escape Vulnerabilities](https://www.blackhat.com/docs/eu-17/materials/eu-17-Mandal-The-Great-Escapes-Of-Vmware-A-Retrospective-Case-Study-Of-Vmware-G2H-Escape-Vulnerabilities.pdf) 112 | - [Out of the Truman Show: VM Escape in VMware Gracefully](https://www.slideshare.net/MSbluehat/bluehat-v17-out-of-the-truman-show-vm-escape-in-vmware-gracefully) 113 | - [Advanced Exploitation: Xen Hypervisor VM Escape ](https://www.youtube.com/watch?v=6Ld5CiInrcI) 114 | - [Xen exploitation part 1: XSA-105, from nobody to root](https://blog.quarkslab.com/xen-exploitation-part-1-xsa-105-from-nobody-to-root.html) 115 | - [Xen exploitation part 2: XSA-148, from guest to host](https://blog.quarkslab.com/xen-exploitation-part-2-xsa-148-from-guest-to-host.html) 116 | - [Control Register Access Exiting and Crashing VMware](https://howtohypervise.blogspot.com/2018/10/control-register-access-exiting-and.html) 117 | - [VirtualBox VMSVGA VM Escape](https://www.voidsecurity.in/2018/11/virtualbox-vmsvga-vm-escape.html) 118 | - [VirtualBox NAT DHCP/BOOTP server vulnerabilities](https://www.voidsecurity.in/2018/11/virtualbox-nat-dhcpbootp-server.html) 119 | 120 | ## CVEs 121 | - [Wandering through the Shady Corners of VMware Workstation/Fusion](https://comsecuris.com/blog/posts/vmware_vgpu_shader_vulnerabilities/) 122 | - [CVE-2018-2844: From Compiler Optimization to Code Execution - VirtualBox VM Escape](https://www.voidsecurity.in/2018/08/from-compiler-optimization-to-code.html) 123 | - [CVE-2017-3558: Oracle VM VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy](https://www.exploit-db.com/exploits/41904/) 124 | - [Better slow than sorry - VirtualBox 3D acceleration considered harmful](https://phoenhex.re/2018-07-27/better-slow-than-sorry) 125 | - [Analyzing a Patch of a Virtual Machine Escape on VMware](https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-patch-of-a-virtual-machine-escape-on-vmware/) 126 | - [VirtualBox 3D Acceleration: An Acceleration Attack Surface](https://www.zerodayinitiative.com/blog/2018/8/28/virtualbox-3d-acceleration-an-accelerated-attack-surface) 127 | - [A bunch of Red Pills: VMware Escapes](https://keenlab.tencent.com/en/2018/04/23/A-bunch-of-Red-Pills-VMware-Escapes/) 128 | - [SSD Advisory – Oracle VirtualBox Multiple Guest to Host Escape Vulnerabilities](https://blogs.securiteam.com/index.php/archives/3649) 129 | - [Pandavirtualization: Exploiting the Xen hypervisor](https://googleprojectzero.blogspot.com/2017/04/pandavirtualization-exploiting-xen.html) 130 | 131 | 132 | # Malware analysis 133 | - [DEFCON 17: Reverse Engineering By Crayon: Hypervisor Based Malware Analysis and Visualization](https://www.youtube.com/watch?v=i3I8wtrjYY4) 134 | - [Hypervisors In Ur Toolbox: Monitoring N Controlling System Events With HyperPlatform](https://www.youtube.com/watch?v=oSkP5k0Bkgk) 135 | - [How to hide a hook: A hypervisor for rootkits](http://phrack.org/issues/69/15.html#article) 136 | --------------------------------------------------------------------------------