{"id":39730,"url":"https://github.com/Wenzel/awesome-virtualization","name":"awesome-virtualization","description":"Collection of resources about Virtualization","projects_count":171,"last_synced_at":"2026-06-06T16:00:35.615Z","repository":{"id":47617491,"uuid":"82972367","full_name":"Wenzel/awesome-virtualization","owner":"Wenzel","description":"Collection of resources about Virtualization","archived":false,"fork":false,"pushed_at":"2025-07-16T22:05:49.000Z","size":136,"stargazers_count":1952,"open_issues_count":9,"forks_count":312,"subscribers_count":83,"default_branch":"master","last_synced_at":"2026-05-21T06:20:18.493Z","etag":null,"topics":["hypervisor","virtual-machine","virtualization"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Wenzel.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2017-02-23T21:18:29.000Z","updated_at":"2026-05-19T19:20:22.000Z","dependencies_parsed_at":"2024-01-13T21:10:20.528Z","dependency_job_id":"159b8d25-1783-4542-a962-ab0b18c5b056","html_url":"https://github.com/Wenzel/awesome-virtualization","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Wenzel/awesome-virtualization","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Wenzel%2Fawesome-virtualization","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Wenzel%2Fawesome-virtualization/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Wenzel%2Fawesome-virtualization/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Wenzel%2Fawesome-virtualization/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Wenzel","download_url":"https://codeload.github.com/Wenzel/awesome-virtualization/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Wenzel%2Fawesome-virtualization/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33988667,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-06T02:00:07.033Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"created_at":"2024-01-13T17:06:58.433Z","updated_at":"2026-06-06T16:00:35.615Z","primary_language":null,"list_of_lists":false,"displayable":true,"categories":["Mainstream Hypervisors Documentation","Attacking Hypervisors","CVEs","Documentation","Books","Courses","Papers","Research Projects","Hypervisor Development","Virtual Machine Introspection","Malware analysis"],"sub_categories":["VirtualBox","QEMU","5 Days to Virtualization","Hyper-V","VMware","Intel","AMD","KVM","Hypervisor From Scratch","Xen"],"readme":"# Awesome Virtualization [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)\n\nA curated list of awesome resources about virtualization.\n\n## Table of Contents\n\n- [Chronology](#chronology)\n- [Documentation](#documentation)\n- [Books](#books)\n- [Courses](#courses)\n- [Papers](#papers)\n- [Research Projects](#research-projects)\n- [Mainstream Hypervisors Documentation](#mainstream-hypervisors-documentation)\n    - [KVM](#kvm)\n    - [Xen](#xen)\n    - [QEMU](#qemu)\n    - [VMware](#vmware)\n    - [VirtualBox](#virtualbox)\n    - [Hyper-V](#hyper-v)\n- [Hypervisor Development](#hypervisor-development)\n- [Virtual Machine Introspection](#virtual-machine-introspection)\n- [Attacking Hypervisors](#attacking-hypervisors)\n    - [KVM](#kvm-1)\n    - [Xen](#xen-1)\n    - [VMware](#vmware-1)\n    - [VirtualBox](#virtualbox-1)\n    - [Hyper-V](#hyper-v-1)\n- [Malware Analysis](#malware-analysis)\n\n## Chronology\n\n- 2005-November-13: Intel `VT-x` released on `Pentium 4` (Model `662` and `672`) processors\n- 2006-May-23: AMD `AMD-V` released on `Orleans` and `Windsor` processors\n- 2007-September-10 : AMD `Barcelona` adds `RVI` (_Rapid Virtualization Indexing_) a.k.a (_Nested Page Tables_) a.k.a (`SLAT`)\n- 2008-November: Intel `Nehalem`\n    - `EPT` (_Extended Page Tables_) a.k.a (`SLAT`)\n    - `VPID` (_Virtual Processor ID_)\n- 2010-January-7: Intel `Westmere` adds `unrestricted guests` a.k.a (_Real Mode Support_)\n- 2013-June-4: Intel `haswell`:\n    - `VMCS Shadowing`\n    - `VMFUNC`, `#VE` and `EPTP` switching\n- 2017\n    - June-21: AMD `EPYC` adds suport for `Secure Encrypted Virtualization` (_SEV_)\n    - AMD documents `Encrypted State` (_SEV-ES_)\n- 2019\n    - AMD documents `Secure Nested Paging` (_SEV-SNP_)\n    - August-1: Intel `Ice Lake`\n        - `EPT SPP` (_EPT-Based Sub-Page Write Protection_)\n        - Virtualizing `Intel Processor Trace` output buffer using EPT\n- 2020-March: Intel documents `Hypervisor-Managed Linear Address Translation` (_HLAT_)\n\n## Documentation\n\n### Intel\n\n- [Intel® 64 and IA-32 architectures software developer's manual volume 3C](https://software.intel.com/sites/default/files/managed/7c/f1/326019-sdm-vol-3c.pdf)\n- [VMCS Layout](https://github.com/LordNoteworthy/cpu-internals/blob/master/VMCS-Layout.pdf)\n- [VMX Caps](https://htmlpreview.github.io/?https://github.com/honorarybot/VmxCaps/blob/master/vmx.html)\n\n### AMD\n\n- [Secure Encrypted Virutalization](https://developer.amd.com/sev/)\n\n## Books\n\n- [Hardware and Software Support for Virtualization](https://www.amazon.com/Hardware-Software-Virtualization-Synthesis-Architecture/dp/1627056939)\n- [Virtual Machines: Versatile Platforms for Systems and Processes](https://www.amazon.com/Virtual-Machines-Versatile-Platforms-Architecture/dp/1558609105)\n- [Mastering KVM Virtualization](https://www.amazon.com/Mastering-Virtualization-Humble-Devassy-Chirammal/dp/1784399051)\n\n## Courses\n\n- [Memory Virtualization playlist by Udacity](https://www.youtube.com/watch?v=-y9J78wSJHY\u0026list=PLGvfHSgImk4aP4moOrG-KEqVO8gRFh4rb\u0026index=122)\n- [Full Virtualization by Geoffrey Challen](https://www.youtube.com/watch?v=2moUsgMOie4)\n- [Xen and the Art of Virtualization by Geoffrey Challen](https://www.youtube.com/watch?v=fYH8A3RjPwY)\n- [Container Virtualization by Geoffrey Challen](https://www.youtube.com/watch?v=nanHh0t4ssE)\n- [Open Security Training Advanced VT-x course](http://opensecuritytraining.info/AdvancedX86-VTX.html)\n- [From Kernel to VMM](https://www.youtube.com/watch?v=FSw8Ff1SFLM)\n- [MMU Virtualization via Intel EPT](https://revers.engineering/mmu-ept-technical-details/)\n- [Virtualization and Computing Lectures](https://www.youtube.com/playlist?list=PLDW872573QAbcpQ7VSUdcm4o3tgnQYBE8)\n\n## Papers\n\n- [A comparison of software and hardware techniques for x86 virtualization by K. Adams and O. Agesen (2006)](https://www.vmware.com/pdf/asplos235_adams.pdf)\n- [Bringing Virtualization to the x86 Architecture with the Original VMware Workstation by Edouard Bugnion, Scott Devine, Mendel Rosenblum, Jeremy Sugerman, And Edward Y. Wang](http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.423.4009\u0026rep=rep1\u0026type=pdf)\n- [The evolution of an x86 virtual machine monitor by O. Agesen, A. Garthwaite, J. Sheldon, and P. Subrahmanyam](http://web.mit.edu/6.033/2011/wwwdocs/papers/agesen.pdf)\n- [Formal Requirements for Virtualizable Third Generation Architectures by Gerald J. Popek \u0026 Robert P. Goldberg](http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.141.4815\u0026rep=rep1\u0026type=pdf)\n- [Modern Operating System 4th Edition (Chapter: Virtualization and the cloud) by Andrew Tanembaum](https://www.pearson.com/us/higher-education/program/Tanenbaum-Modern-Operating-Systems-4th-Edition/PGM80736.html)\n- [Xen and the Art of Virtualization by Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, Andrew Warfield](http://www.cs.yale.edu/homes/yu-minlan/teach/csci599-fall12/papers/xen.pdf)\n- [Understanding Full Virtualization, Paravirtualization and Hardware Assisted Virtualization by VMWare](https://www.vmware.com/techpapers/2007/understanding-full-virtualization-paravirtualizat-1008.html)\n- [Dynamic Binary Translation from x86-32 code to x86-64 code for Virtualization by Yu-hsin Chen.](https://dspace.mit.edu/handle/1721.1/53095)\n- [MemoryRanger Prevents Hijacking FILE_OBJECT Structures in Windows Kernel by Igor Korkin (2019)](https://igorkorkin.blogspot.com/2019/04/memoryranger-prevents-hijacking.html)\n- [HyperDbg: Reinventing Hardware-Assisted Debugging](https://arxiv.org/pdf/2207.05676)\n- [The Reversing Machine: Reconstructing Memory Assumptions](https://arxiv.org/pdf/2405.00298)\n\n\n## Research Projects\n\n- 2006: [Blue Pill](http://www.invisiblethingslab.com/resources/bh07/nbp-0.32-public.zip)\n- 2008: [BitVisor](https://bitbucket.org/bitvisor/bitvisor/)\n- 2010:\n    - [Xvisor](http://xhypervisor.org/)\n    - [NOVA](https://github.com/udosteinberg/NOVA)\n- 2011:\n    - [ramooflax](https://github.com/airbus-seclab/ramooflax)\n    - [TinyVM](https://github.com/jakogut/tinyvm)\n- 2013: [jailhouse](https://github.com/siemens/jailhouse)\n- 2014: [HOSS](http://www.cs.unc.edu/~porter/hoss/)\n- 2015: [Bareflank](https://github.com/Bareflank/hypervisor)\n- 2016:\n    - [SimpleVisor](https://github.com/ionescu007/SimpleVisor)\n    - [HyperPlatform](https://github.com/tandasat/HyperPlatform)\n    - [kHypervisor](https://github.com/Kelvinhack/kHypervisor)\n    - [rustyvisor](https://github.com/iankronquist/rustyvisor)\n    - [HyperBone](https://github.com/DarthTon/HyperBone)\n    - [VivienneVMM](https://github.com/changeofpace/VivienneVMM)\n- 2017:\n    - [hypervisor-for-beginners](https://github.com/rohaaan/hypervisor-for-beginners)\n    - [Intel HAXM](https://github.com/intel/haxm)\n    - [ksm](https://github.com/asamy/ksm)\n    - [crosvm](https://github.com/dgreid/crosvm)\n    - [Firecracker](https://github.com/firecracker-microvm/firecracker)\n    - [SimpleSvm](https://github.com/tandasat/SimpleSvm)\n    - [GiantVM](https://github.com/GiantVM/homepage)\n- 2018:\n    - [hvpp](https://github.com/wbenny/hvpp)\n    - [ACRN](https://projectacrn.github.io/)\n    - [gbhv](https://github.com/Gbps/gbhv)\n    - [applepie](https://github.com/gamozolabs/applepie)\n    - [boxy](https://github.com/Bareflank/boxy)\n    - [nemu](https://github.com/intel/nemu)\n    - [gvisor](https://github.com/google/gvisor)\n    - [NoirVisor](https://github.com/Zero-Tang/NoirVisor)\n - 2019:\n    - [rust-vmm](https://github.com/rust-vmm/community)\n    - [MemoryRanger](https://github.com/IgorKorkin/MemoryRanger)\n    - [ZeldaOS.x86_64](https://github.com/chillancezen/ZeldaOS.x86_64)\n    - [vbh](https://github.com/intel/vbh)\n    - [HypSec](https://www.usenix.org/system/files/sec19-li-shih-wei.pdf)\n    - [zpp_hypervisor](https://github.com/eyalz800/zpp_hypervisor)\n    - [orange_slice](https://github.com/gamozolabs/orange_slice)\n    - [cloud-hypervisor](https://github.com/cloud-hypervisor/cloud-hypervisor)\n    - [uhyve](https://github.com/hermitcore/uhyve)\n    - [mythril](https://github.com/mythril-hypervisor/mythril)\n  - 2020:\n    - [MiniVisorPkg](https://github.com/tandasat/MiniVisorPkg)\n    - [MicroV](https://github.com/Bareflank/MicroV)\n    - [Zelda.RISCV](https://github.com/chillancezen/Zelda.RISCV.Emulator)\n    - [napoca](https://github.com/napocahv/napoca)\n    - [barbervisor](https://github.com/Cisco-Talos/Barbervisor)\n    - [Hedron](https://github.com/cyberus-technology/hedron)\n\n## Mainstream Hypervisors Documentation\n\n### KVM\n\n- [KVM website](http://www.linux-kvm.org/page/Main_Page)\n- [KVM forum](http://www.linux-kvm.org/page/KVM_Forum)\n- [set of KVM documentations](http://www.linux-kvm.org/page/Documents)\n- [How VT-x, KVM and QEMU Work Together](https://binarydebt.wordpress.com/2018/10/14/intel-virtualisation-how-vt-x-kvm-and-qemu-work-together)\n\n### Xen\n\n- [Xen website](https://www.xenproject.org/)\n\n### QEMU\n\n- [QEMU website](https://www.qemu.org/)\n- [QEMU Starter (a beginners guide)](https://github.com/TunaCici/QEMU_Starter)\n\n### VMware\n\n- [The Architecture of VMware ESXi](https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/ESXi_architecture.pdf)\n\n### VirtualBox\n\n- [VirtualBox website](https://www.virtualbox.org/)\n- [VirtualBox documentation](https://www.virtualbox.org/wiki/Technical_documentation)\n\n### Hyper-V\n\n- [Hyper-V internals researches (2006-2019)](https://github.com/gerhart01/Hyper-V-Internals/blob/master/HyperResearchesHistory.md)\n- 2015:\n    - [Battle of SKM and IUM](http://www.alex-ionescu.com/blackhat2015.pdf)\n    - [Ring 0 to Ring -1 Attacks](http://www.alex-ionescu.com/syscan2015.pdf)\n- 2017:\n    - [Virtualization Based Security - Part 1: The boot process](https://blog.amossys.fr/virtualization-based-security-part1.html)\n    - [Virtualization Based Security - Part 2: kernel communications](https://blog.amossys.fr/virtualization-based-security-part2.html)\n    - [Hyper-V and its Memory Manager](http://www.andrea-allievi.com/files/Recon_2017_Montreal_HyperV_public.pptx)\n- 2018:\n    - [A Dive in to Hyper-V Architecture \u0026 Vulnerabilities](https://github.com/Microsoft/MSRC-Security-Research/blob/master/presentations/2018_08_BlackHatUSA/A%20Dive%20in%20to%20Hyper-V%20Architecture%20and%20Vulnerabilities.pdf)\n    - [Hardening Hyper-V through offensive security research - Black Hat](https://i.blackhat.com/us-18/Thu-August-9/us-18-Rabet-Hardening-Hyper-V-Through-Offensive-Security-Research.pdf)\n    - [First Steps in Hyper-V Research](https://msrc-blog.microsoft.com/2018/12/10/first-steps-in-hyper-v-research/)\n- 2019:\n    - [Growing Hypervisor 0day with Hyperseed](http://paper.vulsee.com/OffensiveCon2019/2019_02%20-%20OffensiveCon%20-%20Growing%20Hypervisor%200day%20with%20Hyperseed.pdf)\n    - [VBS and VSM Internals](https://raw.githubusercontent.com/saaramar/Publications/master/BluehatIL_VBS_meetup/VBS_Internals.pdf)\n- 2020:\n    - [Hyper-V #0x1 - Hypercalls part 1](https://foxhex0ne.blogspot.com/2020/05/hyper-v-0x1-hypercalls-part-1.html)\n    - [Hyper-V LIS](https://re.alisa.sh/notes/Hyper-V-LIS.html)\n- [Virtualization Documentation](https://docs.microsoft.com/fr-fr/virtualization/)\n- [Hyper-V technet](https://technet.microsoft.com/en-us/library/mt169373(v=ws.11).aspx)\n- [Hyper-V Internals](http://hvinternals.blogspot.com)\n\n\n## Hypervisor Development\n\n### Hypervisor From Scratch\n\n- [Part 1: Basic Concepts \u0026 Configure Testing Environment](https://rayanfam.com/topics/hypervisor-from-scratch-part-1)\n- [Part 2: Entering VMX Operation](https://rayanfam.com/topics/hypervisor-from-scratch-part-2)\n- [Part 3: Setting up Our First Virtual Machine](https://rayanfam.com/topics/hypervisor-from-scratch-part-3)\n- [Part 4: Address Translation Using Extended Page Table (EPT)](https://rayanfam.com/topics/hypervisor-from-scratch-part-4)\n- [Part 5: Setting up VMCS \u0026 Running Guest Code](https://rayanfam.com/topics/hypervisor-from-scratch-part-5)\n- [Part 6: Virtualizing An Already Running System](https://rayanfam.com/topics/hypervisor-from-scratch-part-6)\n- [Part 7: Using EPT \u0026 Page-Level Monitoring Features](https://rayanfam.com/topics/hypervisor-from-scratch-part-7)\n- [Part 8: How To Do Magic With Hypervisor!](https://rayanfam.com/topics/hypervisor-from-scratch-part-8)\n\n### 5 Days to Virtualization\n\n- [Day 0: Virtual Environment Setup, Scripts, and WinDbg ](https://revers.engineering/day-0-virtual-environment-setup-scripts-and-windbg/)\n- [Day 1: Introduction to Virtualization, Type Definitions, and Support Testing](https://revers.engineering/day-1-introduction-to-virtualization/)\n- [Day 2: Entering VMX Operation, Explaining Implementation Requirements](https://revers.engineering/day-2-entering-vmx-operation/)\n- [Day 3: The VMCS, Component Encoding, and Multiprocessor Initialization](https://revers.engineering/day-3-multiprocessor-initialization-error-handling-the-vmcs/)\n- [Day 4: VMCS Initialization, Segmentation, and Operation Visualization](https://revers.engineering/day-4-vmcs-segmentation-ops/)\n- [Day 5: The VM-exit Handler, Event Injection, Context Modifications, and CPUID Emulation](https://revers.engineering/day-5-vmexits-interrupts-cpuid-emulation/)\n\n## Virtual Machine Introspection\n\n- [Zero-Footprint Guest Memory Introspection from Xen by Mihai Dontu](https://www.youtube.com/watch?v=GGjPU6jHi_w) - [[Slides]](https://www.slideshare.net/xen_com_mgr/zero-footprint-guest-memory-introspection-from-xen) [[Update]](http://events17.linuxfoundation.org/sites/events/files/slides/Zero-Footprint%20Guest%20Memory%20Introspection%20with%20Xen.pdf)\n- [Hypervisor memory introspection at the next level](https://www.usenix.org/sites/default/files/conference/protected-files/atc15_slides_lutas.pdf)\n- [Bringing Commercial Grade Virtual Machine Introspection to KVM by Mihai Donțu](https://www.youtube.com/watch?v=sUPSogabV-o) - [[Slides]](http://events17.linuxfoundation.org/sites/events/files/slides/Zero-Footprint%20Guest%20Memory%20Introspection%20with%20Xen.pdf)\n- [Hypervisor-based, hardware-assisted system monitoring](https://www.youtube.com/watch?v=yTAVS0-qJRU)\n- [Virtual Machine Introspection to Detect and Protect](https://www.youtube.com/watch?v=EZPXy314q3E)\n- [Hypervisor Memory Forensics](http://www.s3.eurecom.fr/docs/raid13_graziano.pdf) - [[Slides]](http://s3.eurecom.fr/~emdel/talks/grazianolanzi_hitb.pdf)\n- [Who Watches The Watcher? Detecting Hypervisor Introspection from Unprivileged Guests](https://dfrws.org/sites/default/files/session-files/paper_who_watches_the_watcher_detecting_hypervisor_introspection_from_unprivileged_guests.pdf)\n- [DRAKVUF Black-box Binary Analysis for in-depth execution tracing of arbitrary binaries](https://drakvuf.com)\n- [Patchguard: Detection of Hypervisor Based Introspection - P1](https://revers.engineering/patchguard-detection-of-hypervisor-based-instrospection-p1/)\n- [Patchguard: Detection of Hypervisor Based Introspection - P2](https://revers.engineering/patchguard-detection-of-hypervisor-based-instrospection-p2/)\n- [Reversing with HyperDbg (Dbg3301) - OpenSecurityTraining](https://www.youtube.com/playlist?list=PLUFkSN0XLZ-kF1f143wlw8ujlH2A45nZY)\n- [VMAware (VM detection library and tool)](https://github.com/kernelwernel/VMAware)\n\n## Attacking Hypervisors\n\n- [Blackhat 2010 - Hacking the Hypervisor](https://www.youtube.com/watch?v=sTC9x5hYYFo\u0026t=3s)\n- [Software Attacks on Hypervisor Emulation of Hardware](https://www.youtube.com/watch?v=c4DnlP88D2Y) - [[Slides]](https://www.troopers.de/downloads/troopers17/TR17_Attacking_hypervisor_through_hardwear_emulation.pdf)\n- [Lessons Learned from Eight Years of Breaking Hypervisors](https://www.youtube.com/watch?v=PJWJjb0uxXE) - [[Slides]](https://www.blackhat.com/docs/eu-14/materials/eu-14-Wojtczuk-Lessons-Learned-From-Eight-Years-Of-Breaking-Hypervisors.pdf)\n- [Attacking Hypervisors Using Firmware And Hardware](https://www.youtube.com/watch?v=nyW3eTobXAI) - [[Slides]](http://c7zero.info/stuff/AttackingHypervisorsViaFirmware_bhusa15_dc23.pdf)\n- [The Arms Race Over Virtualization](https://www.youtube.com/watch?v=nWvg7NKwOjg) - [[Slides]](https://www.blackhat.com/docs/us-16/materials/us-16-Luan-Ouroboros-Tearing-Xen-Hypervisor-With-The-Snake.pdf)\n- [Glitches in the Matrix – Escape via NMI](https://www.cpl0.com/blog/?p=46)\n- [Hypervisor Vulnerability Research - State of the Art](https://alisa.sh/slides/HypervisorVulnerabilityResearch2020.pdf)\n\n### KVM\n\n- [Virtualization under attack: Breaking out of KVM](https://www.youtube.com/watch?v=J7TmDGlBqpg) - [[Slides]](http://www.hakim.ws/DEFCON19/Speakers/Elhage/DEFCON-19-Elhage-Virtualization-Under-Attack.pdf)\n- [Performant Security Hardening of KVM by Steve Rutherford](https://www.youtube.com/watch?v=vj5PA_D03Vg) - [[Slides]](http://www.linux-kvm.org/images/3/3d/01x02-Steve_Rutherford-Performant_Security_Hardening_of_KVM.pdf)\n\n### Xen\n\n- [Ouroboros: Tearing Xen Hypervisor With the Snake](https://www.youtube.com/watch?v=kt3kX94kWcM) \n- [Subverting the Xen hypervisor](https://invisiblethingslab.com/resources/bh08/part1.pdf)\n- [Preventing and Detecting Xen Hypervisor Subversions](https://invisiblethingslab.com/resources/bh08/part2.pdf)\n- [Bluepilling the Xen Hypervisor](https://invisiblethingslab.com/resources/bh08/part3.pdf)\n- [XenPwn: Breaking paravirtualized devices](https://www.youtube.com/watch?v=qxz8MzE3QME) - [[Slide]](https://www.blackhat.com/docs/us-16/materials/us-16-Wilhelm-Xenpwn-Breaking-Paravirtualized-Devices-wp.pdf)\n- [Advanced Exploitation: Xen Hypervisor VM Escape ](https://www.youtube.com/watch?v=6Ld5CiInrcI)\n- [Xen exploitation part 1: XSA-105, from nobody to root](https://blog.quarkslab.com/xen-exploitation-part-1-xsa-105-from-nobody-to-root.html)\n- [Xen exploitation part 2: XSA-148, from guest to host](https://blog.quarkslab.com/xen-exploitation-part-2-xsa-148-from-guest-to-host.html)\n\n### VMware\n\n- [Cloudburst: Hacking 3D And Breaking Out Of Vmware](https://www.youtube.com/watch?v=NnYNaLSiOxY)\n- [The Great Escapes Of Vmware: A Retrospective Case Study Of VMWare Guest-To-Host Escape Vulnerabilities](https://www.blackhat.com/docs/eu-17/materials/eu-17-Mandal-The-Great-Escapes-Of-Vmware-A-Retrospective-Case-Study-Of-Vmware-G2H-Escape-Vulnerabilities.pdf)\n- [Out of the Truman Show: VM Escape in VMware Gracefully](https://www.slideshare.net/MSbluehat/bluehat-v17-out-of-the-truman-show-vm-escape-in-vmware-gracefully)\n- [Control Register Access Exiting and Crashing VMware](https://howtohypervise.blogspot.com/2018/10/control-register-access-exiting-and.html)\n\n### VirtualBox\n\n- [Unboxing your virtualBox](https://www.youtube.com/watch?v=fFaWE3jt7qU) - [[Slides]](https://raw.githubusercontent.com/phoenhex/files/master/slides/unboxing_your_virtualboxes.pdf)\n- [Breaking Out of VirtualBox through 3D Acceleration](https://www.youtube.com/watch?v=i29bAx6W1uI) - [[Slides]](https://www.coresecurity.com/system/files/publications/2016/05/corelabs-Breaking_Out_of_VirtualBox_through_3D_Acceleration-Francisco_Falcon.pdf)\n- [VirtualBox VMSVGA VM Escape](https://www.voidsecurity.in/2018/11/virtualbox-vmsvga-vm-escape.html)\n- [VirtualBox NAT DHCP/BOOTP server vulnerabilities](https://www.voidsecurity.in/2018/11/virtualbox-nat-dhcpbootp-server.html)\n\n### Hyper-V\n\n- [Awesome Hyper-V Exploitation](https://github.com/shogunlab/awesome-hyper-v-exploitation)\n- 2014\n    - [Security Assessment of Microsoft Hyper-V](https://static.ernw.de/whitepaper/ERNW_Newsletter_43_HyperV_en.pdf)\n- 2015\n    - [Ring 0 to Ring -1 Exploitation with Hyper-V IPC](https://www.youtube.com/watch?v=_NaRZvrs8xY)\n- 2018\n    - [VBS and VSM Internals](https://raw.githubusercontent.com/saaramar/Publications/master/BluehatIL_VBS_meetup/VBS_Internals.pdf)\n    - [Hardening Hyper-V through offensive security research - Black Hat](https://i.blackhat.com/us-18/Thu-August-9/us-18-Rabet-Hardening-Hyper-V-Through-Offensive-Security-Research.pdf)\n    - [A Dive in to Hyper-V Architecture \u0026 Vulnerabilities](https://github.com/Microsoft/MSRC-Security-Research/blob/master/presentations/2018_08_BlackHatUSA/A%20Dive%20in%20to%20Hyper-V%20Architecture%20and%20Vulnerabilities.pdf)\n- 2019\n    - [Writing a Hyper-V Bridge for Fuzzing](http://www.alex-ionescu.com/?p=377)\n    - [Fuzzing para-virtualized devices in Hyper-V](https://msrc-blog.microsoft.com/2019/01/28/fuzzing-para-virtualized-devices-in-hyper-v/)\n    - [Growing Hypervisor 0day with Hyperseed](http://paper.vulsee.com/OffensiveCon2019/2019_02%20-%20OffensiveCon%20-%20Growing%20Hypervisor%200day%20with%20Hyperseed.pdf)\n- 2020\n    - [Breaking VSM by Attacking SecureKernel](https://i.blackhat.com/USA-20/Thursday/us-20-Amar-Breaking-VSM-By-Attacking-SecureKernal.pdf)\n\n## CVEs\n\n- [Wandering through the Shady Corners of VMware Workstation/Fusion](https://comsecuris.com/blog/posts/vmware_vgpu_shader_vulnerabilities/)\n- [CVE-2018-2844: From Compiler Optimization to Code Execution - VirtualBox VM Escape](https://www.voidsecurity.in/2018/08/from-compiler-optimization-to-code.html)\n- [CVE-2017-3558: Oracle VM VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy](https://www.exploit-db.com/exploits/41904/)\n- [Better slow than sorry - VirtualBox 3D acceleration considered harmful](https://phoenhex.re/2018-07-27/better-slow-than-sorry)\n- [Analyzing a Patch of a Virtual Machine Escape on VMware](https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-patch-of-a-virtual-machine-escape-on-vmware/)\n- [VirtualBox 3D Acceleration: An Acceleration Attack Surface](https://www.zerodayinitiative.com/blog/2018/8/28/virtualbox-3d-acceleration-an-accelerated-attack-surface)\n- [A bunch of Red Pills: VMware Escapes](https://keenlab.tencent.com/en/2018/04/23/A-bunch-of-Red-Pills-VMware-Escapes/)\n- [SSD Advisory – Oracle VirtualBox Multiple Guest to Host Escape Vulnerabilities](https://blogs.securiteam.com/index.php/archives/3649)\n- [Pandavirtualization: Exploiting the Xen hypervisor](https://googleprojectzero.blogspot.com/2017/04/pandavirtualization-exploiting-xen.html)\n\n\n## Malware analysis\n\n- [DEFCON 17: Reverse Engineering By Crayon: Hypervisor Based Malware Analysis and Visualization](https://www.youtube.com/watch?v=i3I8wtrjYY4)\n- [Hypervisors In Ur Toolbox: Monitoring N Controlling System Events With HyperPlatform](https://www.youtube.com/watch?v=oSkP5k0Bkgk)\n- [How to hide a hook: A hypervisor for rootkits](http://phrack.org/issues/69/15.html#article)","projects_url":"https://awesome.ecosyste.ms/api/v1/lists/wenzel%2Fawesome-virtualization/projects"}