The presentation discusses the architecture and vulnerabilities of Hyper-V, a virtualization technology used for platform security and cloud security. The speakers highlight the bug bounty program offered by Microsoft for finding vulnerabilities in Hyper-V and provide an overview of the architecture of Hyper-V from a security researcher's perspective.
- Hyper-V is a virtualization technology used for platform security and cloud security
- Microsoft offers a bug bounty program for finding vulnerabilities in Hyper-V
- The presentation provides an overview of the architecture of Hyper-V from a security researcher's perspective
- Isolation of partitions is provided by the hypervisor using extended page tables and intercepts or traps
- The presentation showcases some of the interesting vulnerabilities found in Hyper-V
- The bug bounty program pays up to $250,000 for finding and exploiting bugs in the kernel of the hypervisor
The speakers mention that finding bugs in Hyper-V is hard and complicated, and there are not many publicly described vulnerabilities. They also note that exploiting bugs in Hyper-V is not a failure, and it takes a lot of time to ramp up. The bug bounty program offered by Microsoft is one of the best, and the maximum payout is $250,000. The presentation showcases some of the vulnerabilities found in Hyper-V, including one that netted the most payout of $150,000. The speakers encourage researchers to send in more bugs and get them fixed.