Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.
Awesome Lists | Featured Topics | Projects
https://github.com/Wenzel/awesome-virtualization

Collection of resources about Virtualization
https://github.com/Wenzel/awesome-virtualization
List: awesome-virtualization
hypervisor virtual-machine virtualization
Last synced: about 2 months ago
JSON representation
Collection of resources about Virtualization
Host: GitHub
URL: https://github.com/Wenzel/awesome-virtualization
Owner: Wenzel
License: gpl-3.0
Created: 2017-02-23T21:18:29.000Z (over 7 years ago)
Default Branch: master
Last Pushed: 2024-05-10T15:22:40.000Z (4 months ago)
Last Synced: 2024-05-21T12:20:42.464Z (4 months ago)
Topics: hypervisor, virtual-machine, virtualization
Homepage:
Size: 195 KB
Stars: 1,651
Watchers: 88
Forks: 280
Open Issues: 7
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project

awesome-telco-cloud - Awesome Virtualization - Collection of resources about Virtualization (Awesome Squared)
ultimate-awesome - awesome-virtualization - Collection of resources about Virtualization. (Other Lists / PowerShell Lists)
README

        # Awesome Virtualization [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)

A curated list of awesome resources about virtualization.

## Table of Contents

- [Chronology](#chronology)

- [Documentation](#documentation)

- [Books](#books)

- [Courses](#courses)

- [Papers](#papers)

- [Research Projects](#research-projects)

- [Mainstream Hypervisors Documentation](#mainstream-hypervisors-documentation)

    - [KVM](#kvm)

    - [Xen](#xen)

    - [QEMU](#qemu)

    - [VMware](#vmware)

    - [VirtualBox](#virtualbox)

    - [Hyper-V](#hyper-v)

- [Hypervisor Development](#hypervisor-development)

- [Virtual Machine Introspection](#virtual-machine-introspection)

- [Attacking Hypervisors](#attacking-hypervisors)

    - [KVM](#kvm-1)

    - [Xen](#xen-1)

    - [VMware](#vmware-1)

    - [VirtualBox](#virtualbox-1)

    - [Hyper-V](#hyper-v-1)

- [Malware Analysis](#malware-analysis)

## Chronology

- 2005-November-13: Intel `VT-x` released on `Pentium 4` (Model `662` and `672`) processors

- 2006-May-23: AMD `AMD-V` released on `Orleans` and `Windsor` processors

- 2007-September-10 : AMD `Barcelona` adds `RVI` (_Rapid Virtualization Indexing_) a.k.a (_Nested Page Tables_) a.k.a (`SLAT`)

- 2008-November: Intel `Nehalem`

    - `EPT` (_Extended Page Tables_) a.k.a (`SLAT`)

    - `VPID` (_Virtual Processor ID_)

- 2010-January-7: Intel `Westmere` adds `unrestricted guests` a.k.a (_Real Mode Support_)

- 2013-June-4: Intel `haswell`:

    - `VMCS Shadowing`

    - `VMFUNC`, `#VE` and `EPTP` switching

- 2017

    - June-21: AMD `EPYC` adds suport for `Secure Encrypted Virtualization` (_SEV_)

    - AMD documents `Encrypted State` (_SEV-ES_)

- 2019

    - AMD documents `Secure Nested Paging` (_SEV-SNP_)

    - August-1: Intel `Ice Lake`

        - `EPT SPP` (_EPT-Based Sub-Page Write Protection_)

        - Virtualizing `Intel Processor Trace` output buffer using EPT

- 2020-March: Intel documents `Hypervisor-Managed Linear Address Translation` (_HLAT_)

## Documentation

### Intel

- [Intel® 64 and IA-32 architectures software developer's manual volume 3C](https://software.intel.com/sites/default/files/managed/7c/f1/326019-sdm-vol-3c.pdf)

- [VMCS Layout](https://github.com/LordNoteworthy/cpu-internals/blob/master/VMCS-Layout.pdf)

- [VMX Caps](https://htmlpreview.github.io/?https://github.com/honorarybot/VmxCaps/blob/master/vmx.html)

### AMD

- [Secure Encrypted Virutalization](https://developer.amd.com/sev/)

## Books

- [Hardware and Software Support for Virtualization](https://www.amazon.com/Hardware-Software-Virtualization-Synthesis-Architecture/dp/1627056939)

- [Virtual Machines: Versatile Platforms for Systems and Processes](https://www.amazon.com/Virtual-Machines-Versatile-Platforms-Architecture/dp/1558609105)

- [Mastering KVM Virtualization](https://www.amazon.com/Mastering-Virtualization-Humble-Devassy-Chirammal/dp/1784399051)

## Courses

- [Memory Virtualization playlist by Udacity](https://www.youtube.com/watch?v=-y9J78wSJHY&list=PLGvfHSgImk4aP4moOrG-KEqVO8gRFh4rb&index=122)

- [Full Virtualization by Geoffrey Challen](https://www.youtube.com/watch?v=2moUsgMOie4)

- [Xen and the Art of Virtualization by Geoffrey Challen](https://www.youtube.com/watch?v=fYH8A3RjPwY)

- [Container Virtualization by Geoffrey Challen](https://www.youtube.com/watch?v=nanHh0t4ssE)

- [Open Security Training Advanced VT-x course](http://opensecuritytraining.info/AdvancedX86-VTX.html)

- [From Kernel to VMM](https://www.youtube.com/watch?v=FSw8Ff1SFLM)

- [MMU Virtualization via Intel EPT](https://revers.engineering/mmu-ept-technical-details/)

- [Virtualization and Computing Lectures](https://www.youtube.com/playlist?list=PLDW872573QAbcpQ7VSUdcm4o3tgnQYBE8)

## Papers

- [A comparison of software and hardware techniques for x86 virtualization by K. Adams and O. Agesen (2006)](https://www.vmware.com/pdf/asplos235_adams.pdf)

- [Bringing Virtualization to the x86 Architecture with the Original VMware Workstation by Edouard Bugnion, Scott Devine, Mendel Rosenblum, Jeremy Sugerman, And Edward Y. Wang](http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.423.4009&rep=rep1&type=pdf)

- [The evolution of an x86 virtual machine monitor by O. Agesen, A. Garthwaite, J. Sheldon, and P. Subrahmanyam](http://web.mit.edu/6.033/2011/wwwdocs/papers/agesen.pdf)

- [Formal Requirements for Virtualizable Third Generation Architectures by Gerald J. Popek & Robert P. Goldberg](http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.141.4815&rep=rep1&type=pdf)

- [Modern Operating System 4th Edition (Chapter: Virtualization and the cloud) by Andrew Tanembaum](https://www.pearson.com/us/higher-education/program/Tanenbaum-Modern-Operating-Systems-4th-Edition/PGM80736.html)

- [Xen and the Art of Virtualization by Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, Andrew Warfield](http://www.cs.yale.edu/homes/yu-minlan/teach/csci599-fall12/papers/xen.pdf)

- [Understanding Full Virtualization, Paravirtualization and Hardware Assisted Virtualization by VMWare](https://www.vmware.com/techpapers/2007/understanding-full-virtualization-paravirtualizat-1008.html)

- [Dynamic Binary Translation from x86-32 code to x86-64 code for Virtualization by Yu-hsin Chen.](https://dspace.mit.edu/handle/1721.1/53095)

- [MemoryRanger Prevents Hijacking FILE_OBJECT Structures in Windows Kernel by Igor Korkin (2019)](https://igorkorkin.blogspot.com/2019/04/memoryranger-prevents-hijacking.html)

- [HyperDbg: Reinventing Hardware-Assisted Debugging](https://arxiv.org/pdf/2207.05676)

- [The Reversing Machine: Reconstructing Memory Assumptions](https://arxiv.org/pdf/2405.00298)

## Research Projects

- 2006: [Blue Pill](http://www.invisiblethingslab.com/resources/bh07/nbp-0.32-public.zip)

- 2008: [BitVisor](https://bitbucket.org/bitvisor/bitvisor/)

- 2010:

    - [Xvisor](http://xhypervisor.org/)

    - [NOVA](https://github.com/udosteinberg/NOVA)

- 2011:

    - [ramooflax](https://github.com/airbus-seclab/ramooflax)

    - [TinyVM](https://github.com/jakogut/tinyvm)

- 2013: [jailhouse](https://github.com/siemens/jailhouse)

- 2014: [HOSS](http://www.cs.unc.edu/~porter/hoss/)

- 2015: [Bareflank](https://github.com/Bareflank/hypervisor)

- 2016:

    - [SimpleVisor](https://github.com/ionescu007/SimpleVisor)

    - [HyperPlatform](https://github.com/tandasat/HyperPlatform)

    - [kHypervisor](https://github.com/Kelvinhack/kHypervisor)

    - [rustyvisor](https://github.com/iankronquist/rustyvisor)

    - [HyperBone](https://github.com/DarthTon/HyperBone)

    - [VivienneVMM](https://github.com/changeofpace/VivienneVMM)

- 2017:

    - [hypervisor-for-beginners](https://github.com/rohaaan/hypervisor-for-beginners)

    - [Intel HAXM](https://github.com/intel/haxm)

    - [ksm](https://github.com/asamy/ksm)

    - [crosvm](https://github.com/dgreid/crosvm)

    - [Firecracker](https://github.com/firecracker-microvm/firecracker)

    - [SimpleSvm](https://github.com/tandasat/SimpleSvm)

    - [GiantVM](https://github.com/GiantVM/homepage)

- 2018:

    - [hvpp](https://github.com/wbenny/hvpp)

    - [ACRN](https://projectacrn.github.io/)

    - [gbhv](https://github.com/Gbps/gbhv)

    - [applepie](https://github.com/gamozolabs/applepie)

    - [boxy](https://github.com/Bareflank/boxy)

    - [nemu](https://github.com/intel/nemu)

    - [gvisor](https://github.com/google/gvisor)

    - [NoirVisor](https://github.com/Zero-Tang/NoirVisor)

 - 2019:

    - [rust-vmm](https://github.com/rust-vmm/community)

    - [MemoryRanger](https://github.com/IgorKorkin/MemoryRanger)

    - [ZeldaOS.x86_64](https://github.com/chillancezen/ZeldaOS.x86_64)

    - [vbh](https://github.com/intel/vbh)

    - [HypSec](https://www.usenix.org/system/files/sec19-li-shih-wei.pdf)

    - [zpp_hypervisor](https://github.com/eyalz800/zpp_hypervisor)

    - [orange_slice](https://github.com/gamozolabs/orange_slice)

    - [cloud-hypervisor](https://github.com/cloud-hypervisor/cloud-hypervisor)

    - [uhyve](https://github.com/hermitcore/uhyve)

    - [mythril](https://github.com/mythril-hypervisor/mythril)

  - 2020:

    - [MiniVisorPkg](https://github.com/tandasat/MiniVisorPkg)

    - [MicroV](https://github.com/Bareflank/MicroV)

    - [Zelda.RISCV](https://github.com/chillancezen/Zelda.RISCV.Emulator)

    - [napoca](https://github.com/napocahv/napoca)

    - [barbervisor](https://github.com/Cisco-Talos/Barbervisor)

    - [Hedron](https://github.com/cyberus-technology/hedron)

## Mainstream Hypervisors Documentation

### KVM

- [KVM website](http://www.linux-kvm.org/page/Main_Page)

- [KVM forum](http://www.linux-kvm.org/page/KVM_Forum)

- [set of KVM documentations](http://www.linux-kvm.org/page/Documents)

- [How VT-x, KVM and QEMU Work Together](https://binarydebt.wordpress.com/2018/10/14/intel-virtualisation-how-vt-x-kvm-and-qemu-work-together)

### Xen

- [Xen website](https://www.xenproject.org/)

### QEMU

- [QEMU website](https://www.qemu.org/)

### VMware

- [The Architecture of VMware ESXi](https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/ESXi_architecture.pdf)

### VirtualBox

- [VirtualBox website](https://www.virtualbox.org/)

- [VirtualBox documentation](https://www.virtualbox.org/wiki/Technical_documentation)

### Hyper-V

- [Hyper-V internals researches (2006-2019)](https://github.com/gerhart01/Hyper-V-Internals/blob/master/HyperResearchesHistory.md)

- 2015:

    - [Battle of SKM and IUM](http://www.alex-ionescu.com/blackhat2015.pdf)

    - [Ring 0 to Ring -1 Attacks](http://www.alex-ionescu.com/syscan2015.pdf)

- 2017:

    - [Virtualization Based Security - Part 1: The boot process](https://blog.amossys.fr/virtualization-based-security-part1.html)

    - [Virtualization Based Security - Part 2: kernel communications](https://blog.amossys.fr/virtualization-based-security-part2.html)

    - [Hyper-V and its Memory Manager](http://www.andrea-allievi.com/files/Recon_2017_Montreal_HyperV_public.pptx)

- 2018:

    - [A Dive in to Hyper-V Architecture & Vulnerabilities](https://github.com/Microsoft/MSRC-Security-Research/blob/master/presentations/2018_08_BlackHatUSA/A%20Dive%20in%20to%20Hyper-V%20Architecture%20and%20Vulnerabilities.pdf)

    - [Hardening Hyper-V through offensive security research - Black Hat](https://i.blackhat.com/us-18/Thu-August-9/us-18-Rabet-Hardening-Hyper-V-Through-Offensive-Security-Research.pdf)

    - [First Steps in Hyper-V Research](https://msrc-blog.microsoft.com/2018/12/10/first-steps-in-hyper-v-research/)

- 2019:

    - [Growing Hypervisor 0day with Hyperseed](http://paper.vulsee.com/OffensiveCon2019/2019_02%20-%20OffensiveCon%20-%20Growing%20Hypervisor%200day%20with%20Hyperseed.pdf)

    - [VBS and VSM Internals](https://raw.githubusercontent.com/saaramar/Publications/master/BluehatIL_VBS_meetup/VBS_Internals.pdf)

- 2020:

    - [Hyper-V #0x1 - Hypercalls part 1](https://foxhex0ne.blogspot.com/2020/05/hyper-v-0x1-hypercalls-part-1.html)

    - [Hyper-V LIS](https://re.alisa.sh/notes/Hyper-V-LIS.html)

- [Virtualization Documentation](https://docs.microsoft.com/fr-fr/virtualization/)

- [Hyper-V technet](https://technet.microsoft.com/en-us/library/mt169373(v=ws.11).aspx)

- [Hyper-V Internals](http://hvinternals.blogspot.com)

## Hypervisor Development

### Hypervisor From Scratch

- [Part 1: Basic Concepts & Configure Testing Environment](https://rayanfam.com/topics/hypervisor-from-scratch-part-1)

- [Part 2: Entering VMX Operation](https://rayanfam.com/topics/hypervisor-from-scratch-part-2)

- [Part 3: Setting up Our First Virtual Machine](https://rayanfam.com/topics/hypervisor-from-scratch-part-3)

- [Part 4: Address Translation Using Extended Page Table (EPT)](https://rayanfam.com/topics/hypervisor-from-scratch-part-4)

- [Part 5: Setting up VMCS & Running Guest Code](https://rayanfam.com/topics/hypervisor-from-scratch-part-5)

- [Part 6: Virtualizing An Already Running System](https://rayanfam.com/topics/hypervisor-from-scratch-part-6)

- [Part 7: Using EPT & Page-Level Monitoring Features](https://rayanfam.com/topics/hypervisor-from-scratch-part-7)

- [Part 8: How To Do Magic With Hypervisor!](https://rayanfam.com/topics/hypervisor-from-scratch-part-8)

### 5 Days to Virtualization

- [Day 0: Virtual Environment Setup, Scripts, and WinDbg ](https://revers.engineering/day-0-virtual-environment-setup-scripts-and-windbg/)

- [Day 1: Introduction to Virtualization, Type Definitions, and Support Testing](https://revers.engineering/day-1-introduction-to-virtualization/)

- [Day 2: Entering VMX Operation, Explaining Implementation Requirements](https://revers.engineering/day-2-entering-vmx-operation/)

- [Day 3: The VMCS, Component Encoding, and Multiprocessor Initialization](https://revers.engineering/day-3-multiprocessor-initialization-error-handling-the-vmcs/)

- [Day 4: VMCS Initialization, Segmentation, and Operation Visualization](https://revers.engineering/day-4-vmcs-segmentation-ops/)

- [Day 5: The VM-exit Handler, Event Injection, Context Modifications, and CPUID Emulation](https://revers.engineering/day-5-vmexits-interrupts-cpuid-emulation/)

## Virtual Machine Introspection

- [Zero-Footprint Guest Memory Introspection from Xen by Mihai Dontu](https://www.youtube.com/watch?v=GGjPU6jHi_w) - [[Slides]](https://www.slideshare.net/xen_com_mgr/zero-footprint-guest-memory-introspection-from-xen) [[Update]](http://events17.linuxfoundation.org/sites/events/files/slides/Zero-Footprint%20Guest%20Memory%20Introspection%20with%20Xen.pdf)

- [Hypervisor memory introspection at the next level](https://www.usenix.org/sites/default/files/conference/protected-files/atc15_slides_lutas.pdf)

- [Bringing Commercial Grade Virtual Machine Introspection to KVM by Mihai Donțu](https://www.youtube.com/watch?v=sUPSogabV-o) - [[Slides]](http://events17.linuxfoundation.org/sites/events/files/slides/Zero-Footprint%20Guest%20Memory%20Introspection%20with%20Xen.pdf)

- [Hypervisor-based, hardware-assisted system monitoring](https://www.youtube.com/watch?v=yTAVS0-qJRU)

- [Virtual Machine Introspection to Detect and Protect](https://www.youtube.com/watch?v=EZPXy314q3E)

- [Hypervisor Memory Forensics](http://www.s3.eurecom.fr/docs/raid13_graziano.pdf) - [[Slides]](http://s3.eurecom.fr/~emdel/talks/grazianolanzi_hitb.pdf)

- [Who Watches The Watcher? Detecting Hypervisor Introspection from Unprivileged Guests](https://dfrws.org/sites/default/files/session-files/paper_who_watches_the_watcher_detecting_hypervisor_introspection_from_unprivileged_guests.pdf)

- [DRAKVUF Black-box Binary Analysis for in-depth execution tracing of arbitrary binaries](https://drakvuf.com)

- [Patchguard: Detection of Hypervisor Based Introspection - P1](https://revers.engineering/patchguard-detection-of-hypervisor-based-instrospection-p1/)

- [Patchguard: Detection of Hypervisor Based Introspection - P2](https://revers.engineering/patchguard-detection-of-hypervisor-based-instrospection-p2/)

- [Reversing with HyperDbg (Dbg3301) - OpenSecurityTraining](https://www.youtube.com/playlist?list=PLUFkSN0XLZ-kF1f143wlw8ujlH2A45nZY)

## Attacking Hypervisors

- [Blackhat 2010 - Hacking the Hypervisor](https://www.youtube.com/watch?v=sTC9x5hYYFo&t=3s)

- [Software Attacks on Hypervisor Emulation of Hardware](https://www.youtube.com/watch?v=c4DnlP88D2Y) - [[Slides]](https://www.troopers.de/downloads/troopers17/TR17_Attacking_hypervisor_through_hardwear_emulation.pdf)

- [Lessons Learned from Eight Years of Breaking Hypervisors](https://www.youtube.com/watch?v=PJWJjb0uxXE) - [[Slides]](https://www.blackhat.com/docs/eu-14/materials/eu-14-Wojtczuk-Lessons-Learned-From-Eight-Years-Of-Breaking-Hypervisors.pdf)

- [Attacking Hypervisors Using Firmware And Hardware](https://www.youtube.com/watch?v=nyW3eTobXAI) - [[Slides]](http://c7zero.info/stuff/AttackingHypervisorsViaFirmware_bhusa15_dc23.pdf)

- [The Arms Race Over Virtualization](https://www.youtube.com/watch?v=nWvg7NKwOjg) - [[Slides]](https://www.blackhat.com/docs/us-16/materials/us-16-Luan-Ouroboros-Tearing-Xen-Hypervisor-With-The-Snake.pdf)

- [Glitches in the Matrix – Escape via NMI](https://www.cpl0.com/blog/?p=46)

- [Hypervisor Vulnerability Research - State of the Art](https://alisa.sh/slides/HypervisorVulnerabilityResearch2020.pdf)

### KVM

- [Virtualization under attack: Breaking out of KVM](https://www.youtube.com/watch?v=J7TmDGlBqpg) - [[Slides]](http://www.hakim.ws/DEFCON19/Speakers/Elhage/DEFCON-19-Elhage-Virtualization-Under-Attack.pdf)

- [Performant Security Hardening of KVM by Steve Rutherford](https://www.youtube.com/watch?v=vj5PA_D03Vg) - [[Slides]](http://www.linux-kvm.org/images/3/3d/01x02-Steve_Rutherford-Performant_Security_Hardening_of_KVM.pdf)

### Xen

- [Ouroboros: Tearing Xen Hypervisor With the Snake](https://www.youtube.com/watch?v=kt3kX94kWcM) 

- [Subverting the Xen hypervisor](https://invisiblethingslab.com/resources/bh08/part1.pdf)

- [Preventing and Detecting Xen Hypervisor Subversions](https://invisiblethingslab.com/resources/bh08/part2.pdf)

- [Bluepilling the Xen Hypervisor](https://invisiblethingslab.com/resources/bh08/part3.pdf)

- [XenPwn: Breaking paravirtualized devices](https://www.youtube.com/watch?v=qxz8MzE3QME) - [[Slide]](https://www.blackhat.com/docs/us-16/materials/us-16-Wilhelm-Xenpwn-Breaking-Paravirtualized-Devices-wp.pdf)

- [Advanced Exploitation: Xen Hypervisor VM Escape ](https://www.youtube.com/watch?v=6Ld5CiInrcI)

- [Xen exploitation part 1: XSA-105, from nobody to root](https://blog.quarkslab.com/xen-exploitation-part-1-xsa-105-from-nobody-to-root.html)

- [Xen exploitation part 2: XSA-148, from guest to host](https://blog.quarkslab.com/xen-exploitation-part-2-xsa-148-from-guest-to-host.html)

### VMware

- [Cloudburst: Hacking 3D And Breaking Out Of Vmware](https://www.youtube.com/watch?v=NnYNaLSiOxY)

- [The Great Escapes Of Vmware: A Retrospective Case Study Of VMWare Guest-To-Host Escape Vulnerabilities](https://www.blackhat.com/docs/eu-17/materials/eu-17-Mandal-The-Great-Escapes-Of-Vmware-A-Retrospective-Case-Study-Of-Vmware-G2H-Escape-Vulnerabilities.pdf)

- [Out of the Truman Show: VM Escape in VMware Gracefully](https://www.slideshare.net/MSbluehat/bluehat-v17-out-of-the-truman-show-vm-escape-in-vmware-gracefully)

- [Control Register Access Exiting and Crashing VMware](https://howtohypervise.blogspot.com/2018/10/control-register-access-exiting-and.html)

### VirtualBox

- [Unboxing your virtualBox](https://www.youtube.com/watch?v=fFaWE3jt7qU) - [[Slides]](https://raw.githubusercontent.com/phoenhex/files/master/slides/unboxing_your_virtualboxes.pdf)

- [Breaking Out of VirtualBox through 3D Acceleration](https://www.youtube.com/watch?v=i29bAx6W1uI) - [[Slides]](https://www.coresecurity.com/system/files/publications/2016/05/corelabs-Breaking_Out_of_VirtualBox_through_3D_Acceleration-Francisco_Falcon.pdf)

- [VirtualBox VMSVGA VM Escape](https://www.voidsecurity.in/2018/11/virtualbox-vmsvga-vm-escape.html)

- [VirtualBox NAT DHCP/BOOTP server vulnerabilities](https://www.voidsecurity.in/2018/11/virtualbox-nat-dhcpbootp-server.html)

### Hyper-V

- [Awesome Hyper-V Exploitation](https://github.com/shogunlab/awesome-hyper-v-exploitation)

- 2014

    - [Security Assessment of Microsoft Hyper-V](https://static.ernw.de/whitepaper/ERNW_Newsletter_43_HyperV_en.pdf)

- 2015

    - [Ring 0 to Ring -1 Exploitation with Hyper-V IPC](https://www.youtube.com/watch?v=_NaRZvrs8xY)

- 2018

    - [VBS and VSM Internals](https://raw.githubusercontent.com/saaramar/Publications/master/BluehatIL_VBS_meetup/VBS_Internals.pdf)

    - [Hardening Hyper-V through offensive security research - Black Hat](https://i.blackhat.com/us-18/Thu-August-9/us-18-Rabet-Hardening-Hyper-V-Through-Offensive-Security-Research.pdf)

    - [A Dive in to Hyper-V Architecture & Vulnerabilities](https://github.com/Microsoft/MSRC-Security-Research/blob/master/presentations/2018_08_BlackHatUSA/A%20Dive%20in%20to%20Hyper-V%20Architecture%20and%20Vulnerabilities.pdf)

- 2019

    - [Writing a Hyper-V Bridge for Fuzzing](http://www.alex-ionescu.com/?p=377)

    - [Fuzzing para-virtualized devices in Hyper-V](https://msrc-blog.microsoft.com/2019/01/28/fuzzing-para-virtualized-devices-in-hyper-v/)

    - [Growing Hypervisor 0day with Hyperseed](http://paper.vulsee.com/OffensiveCon2019/2019_02%20-%20OffensiveCon%20-%20Growing%20Hypervisor%200day%20with%20Hyperseed.pdf)

- 2020

    - [Breaking VSM by Attacking SecureKernel](https://i.blackhat.com/USA-20/Thursday/us-20-Amar-Breaking-VSM-By-Attacking-SecureKernal.pdf)

## CVEs

- [Wandering through the Shady Corners of VMware Workstation/Fusion](https://comsecuris.com/blog/posts/vmware_vgpu_shader_vulnerabilities/)

- [CVE-2018-2844: From Compiler Optimization to Code Execution - VirtualBox VM Escape](https://www.voidsecurity.in/2018/08/from-compiler-optimization-to-code.html)

- [CVE-2017-3558: Oracle VM VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy](https://www.exploit-db.com/exploits/41904/)

- [Better slow than sorry - VirtualBox 3D acceleration considered harmful](https://phoenhex.re/2018-07-27/better-slow-than-sorry)

- [Analyzing a Patch of a Virtual Machine Escape on VMware](https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-patch-of-a-virtual-machine-escape-on-vmware/)

- [VirtualBox 3D Acceleration: An Acceleration Attack Surface](https://www.zerodayinitiative.com/blog/2018/8/28/virtualbox-3d-acceleration-an-accelerated-attack-surface)

- [A bunch of Red Pills: VMware Escapes](https://keenlab.tencent.com/en/2018/04/23/A-bunch-of-Red-Pills-VMware-Escapes/)

- [SSD Advisory – Oracle VirtualBox Multiple Guest to Host Escape Vulnerabilities](https://blogs.securiteam.com/index.php/archives/3649)

- [Pandavirtualization: Exploiting the Xen hypervisor](https://googleprojectzero.blogspot.com/2017/04/pandavirtualization-exploiting-xen.html)

## Malware analysis

- [DEFCON 17: Reverse Engineering By Crayon: Hypervisor Based Malware Analysis and Visualization](https://www.youtube.com/watch?v=i3I8wtrjYY4)

- [Hypervisors In Ur Toolbox: Monitoring N Controlling System Events With HyperPlatform](https://www.youtube.com/watch?v=oSkP5k0Bkgk)

- [How to hide a hook: A hypervisor for rootkits](http://phrack.org/issues/69/15.html#article)