ESXi uses its own kernel. It has a ton of similarities to RHEL, etc., but uses its own kernel and has a very small selection of libraries available. Any exploit would need to be compiled specifically for ESXi.
To actually do anything would require a rootkit that runs on Windows, uses a red pill to detect the hypervisor, then breaks out of its VM by exploiting ESXi, which would require various statically linked libraries and/or payloads which it can't download as it doesn't have Internet access, and manages to take control of ESXi.
Something that does all that would be absolutely state of the art and likely way beyond my capability to analyse anyway. I'm not going to be downloading mysterious malware to test, but recognised Windows PE-only samples.