


We have discovered that around 18 percent of all the malware samples detect VMware and will stop executing on it." "Newer malware frequently use detection techniques to determine if the threat is run in a virtualized environment. Symentec - a highly respected security firm - has also raised concerns about the state of virtualization security, noting in their "Threats to Virtual Environments" white paper that malware manufacturers are taking into account virtualization technology, in order to evade detection and further analysis. For instance, if an attacker registered for a VPS on a vulnerable provider and used a Venom exploit, it would allow them to access all other virtual machines on the system, allowing them to steal encryption keys, passwords and bitcoin wallets. The risk of this bug - known as a 'hypervisor privilege escalation' bug - cannot be understated. That will likely open far more doors career-wise than a formal channel."Įxceptions like the recently patched Venom bug, which affected the XEN, QEMU, and KVM virtualization platforms, and allowed an attacker to break out of a protected operating system, and gain control of the underlying platform. It's not like law or accounting - you can go out there and practice your craft - share your findings and become a contributor to the information security community. I often get asked by people wanting to break into the industry what certification they need or what course they should pursue and my answer is that there's no real 'right' way of getting into security. We see many great security professionals come into the industry through unconventional routes. "IT Security is much an art form as it is scientific discipline. Security blogger and analyst Javvad Malik believes this way of learning is vastly more effective than obtaining certifications and qualifications: Or, for that matter, you could learn about malware analysis, do research and share your findings, and get a job in this booming field. You could, for instance, test out a variety of network security tools, without breaking any computer crime laws.

For many, this presents an opportunity to learn skills that lend themselves favorably to a career in the booming field of ethical hacking. One of the key advantages of having a safe, consequence-free box to play with is that it allows you to take risks you otherwise wouldn't take.
