DeepSec 2013 Video: Auditing Virtual Appliances – An Untapped Source Of 0-days
Appliances are being sold and used as security devices. The good thing about these gadgets is an improvement of your security (usually, YMMV as the Usenet folks used to write). The bad thing about inserting an unknown amount of code into your defence system are the yet to be discovered flaws in its logic. In the old days you have to do some reverse engineering in order to find these bugs. Modern technology bring you the Magic of the „Cloud“™ – virtual appliances! Since everything runs under a hypervisor nowadays, your appliances have been turned into binary images which can be moved around and started anywhere you like. At DeepSec 2013 Stefan Viehböck of SEC Consult spoke about the advantages of virtual appliances and their benefit for security analysis. It seems the „Cloud“ has a silver lining for reverse engineers.
In case you use any kind of security appliance in your organisation (and connected to the network), then you should take a look at Stefan’s presentation.