{"id":1362,"date":"2024-03-11T11:20:14","date_gmt":"2024-03-11T10:20:14","guid":{"rendered":"https:\/\/cs21nextnet.cz\/?p=1362"},"modified":"2024-03-11T11:20:14","modified_gmt":"2024-03-11T10:20:14","slug":"tunneling-through-qemu","status":"publish","type":"post","link":"https:\/\/cs21nextnet.cz\/en\/tunneling-through-qemu\/","title":{"rendered":"TUNNELING THROUGH QEMU"},"content":{"rendered":"<div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-1 fusion-flex-container nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1248px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-0 fusion_builder_column_1_2 1_2 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:50%;--awb-margin-top-large:0px;--awb-spacing-right-large:3.84%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:3.84%;--awb-width-medium:50%;--awb-order-medium:0;--awb-spacing-right-medium:3.84%;--awb-spacing-left-medium:3.84%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-text fusion-text-1\" style=\"--awb-text-transform:none;\"><p>One unnamed company discovered that QEMU could be exploited as a means of data tunneling when it identified and analyzed suspicious network activity in its infrastructure. 
This was confirmed by researchers from Kaspersky, who demonstrated the security incident.<\/p>\n<p>Instead of well-known tunneling tools such as Chisel, FRP, ligolo, ngrok, or Plink, which monitoring tools detect more readily, the attackers chose QEMU. QEMU can emulate, among other things, socket interfaces and bypass conventional monitoring tools. Access to the compromised company was achieved through strategically positioned QEMU virtual machines, which served as pivots and ultimately tunneled communication to the internet. Encryption of the communication was sacrificed for stealth, so that the tunneled data appeared as normal traffic. The virtual machines were created with only 1 MB of allocated RAM, minimizing their footprint on servers and making them difficult to detect. The attackers accessed the corporate infrastructure through a cloud server running Kali Linux. This marks the first time that the QEMU virtualization platform has been used for such purposes. Detailed and continuous network monitoring, along with a vigilant SOC team, is crucial to preventing similar attacks. 
Suspicious installations of tools not used in the company&#8217;s infrastructure can also be monitored.<\/p>\n<p>If you have concerns about your virtual security, please contact us.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-1 fusion_builder_column_1_2 1_2 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:50%;--awb-margin-top-large:0px;--awb-spacing-right-large:3.84%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:3.84%;--awb-width-medium:50%;--awb-order-medium:0;--awb-spacing-right-medium:3.84%;--awb-spacing-left-medium:3.84%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-image-element \" style=\"--awb-caption-title-font-family:var(--h2_typography-font-family);--awb-caption-title-font-weight:var(--h2_typography-font-weight);--awb-caption-title-font-style:var(--h2_typography-font-style);--awb-caption-title-size:var(--h2_typography-font-size);--awb-caption-title-transform:var(--h2_typography-text-transform);--awb-caption-title-line-height:var(--h2_typography-line-height);--awb-caption-title-letter-spacing:var(--h2_typography-letter-spacing);\"><span class=\" fusion-imageframe imageframe-none imageframe-1 hover-type-none\"><img decoding=\"async\" width=\"1024\" height=\"576\" alt=\"IT \u0159e\u0161en\u00ed na m\u00edru Ostrava\" title=\"qemu\" src=\"https:\/\/cs21nextnet.cz\/wp-content\/uploads\/2024\/03\/qemu-1024x576.png\" class=\"img-responsive wp-image-1360\" srcset=\"https:\/\/cs21nextnet.cz\/wp-content\/uploads\/2024\/03\/qemu-200x113.png 200w, https:\/\/cs21nextnet.cz\/wp-content\/uploads\/2024\/03\/qemu-400x225.png 400w, https:\/\/cs21nextnet.cz\/wp-content\/uploads\/2024\/03\/qemu-600x338.png 600w, 
https:\/\/cs21nextnet.cz\/wp-content\/uploads\/2024\/03\/qemu-800x450.png 800w, https:\/\/cs21nextnet.cz\/wp-content\/uploads\/2024\/03\/qemu-1200x675.png 1200w, https:\/\/cs21nextnet.cz\/wp-content\/uploads\/2024\/03\/qemu.png 1280w\" sizes=\"(max-width: 640px) 100vw, 600px\" \/><\/span><\/div><\/div><\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":5,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-1362","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>TUNNELING THROUGH QEMU - CS21nextnet s.r.o.<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cs21nextnet.cz\/en\/tunelovani-prostrednictvim-qemu\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"TUNNELING THROUGH QEMU - CS21nextnet s.r.o.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cs21nextnet.cz\/tunelovani-prostrednictvim-qemu\/\" \/>\n<meta property=\"og:site_name\" content=\"CS21nextnet s.r.o.\" \/>\n<meta property=\"article:published_time\" content=\"2024-03-11T10:20:14+00:00\" \/>\n<meta name=\"author\" content=\"Barbora Hed\u011bncov\u00e1\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Barbora Hed\u011bncov\u00e1\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/cs21nextnet.cz\/tunelovani-prostrednictvim-qemu\/\",\"url\":\"https:\/\/cs21nextnet.cz\/tunelovani-prostrednictvim-qemu\/\",\"name\":\"TUNNELING THROUGH QEMU - CS21nextnet s.r.o.\",\"isPartOf\":{\"@id\":\"https:\/\/cs21nextnet.cz\/en\/#website\"},\"datePublished\":\"2024-03-11T10:20:14+00:00\",\"author\":{\"@id\":\"https:\/\/cs21nextnet.cz\/en\/#\/schema\/person\/703b97fba9b79bb79fdb7bca9c68d783\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/cs21nextnet.cz\/tunelovani-prostrednictvim-qemu\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/cs21nextnet.cz\/en\/#website\",\"url\":\"https:\/\/cs21nextnet.cz\/en\/\",\"name\":\"CS21nextnet s.r.o.\",\"description\":\"Outsourcing ICT slu\u017eeb, Syst\u00e9mov\u00e9 integrace, Datov\u00e9 s\u00edt\u011b, Prodej software &amp; hardware\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/cs21nextnet.cz\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/cs21nextnet.cz\/en\/#\/schema\/person\/703b97fba9b79bb79fdb7bca9c68d783\",\"name\":\"Barbora Hed\u011bncov\u00e1\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cs21nextnet.cz\/en\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/634adb53c3fc856f3a287cfa33d073c5df94e60319e148150e59ee334c219f1f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/634adb53c3fc856f3a287cfa33d073c5df94e60319e148150e59ee334c219f1f?s=96&d=mm&r=g\",\"caption\":\"Barbora 
Hed\u011bncov\u00e1\"},\"url\":\"https:\/\/cs21nextnet.cz\/en\/author\/hedencovaadmin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"TUNNELING THROUGH QEMU - CS21nextnet s.r.o.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cs21nextnet.cz\/en\/tunelovani-prostrednictvim-qemu\/","og_locale":"en_US","og_type":"article","og_title":"TUNNELING THROUGH QEMU - CS21nextnet s.r.o.","og_url":"https:\/\/cs21nextnet.cz\/tunelovani-prostrednictvim-qemu\/","og_site_name":"CS21nextnet s.r.o.","article_published_time":"2024-03-11T10:20:14+00:00","author":"Barbora Hed\u011bncov\u00e1","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Barbora Hed\u011bncov\u00e1","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/cs21nextnet.cz\/tunelovani-prostrednictvim-qemu\/","url":"https:\/\/cs21nextnet.cz\/tunelovani-prostrednictvim-qemu\/","name":"TUNNELING THROUGH QEMU - CS21nextnet s.r.o.","isPartOf":{"@id":"https:\/\/cs21nextnet.cz\/en\/#website"},"datePublished":"2024-03-11T10:20:14+00:00","author":{"@id":"https:\/\/cs21nextnet.cz\/en\/#\/schema\/person\/703b97fba9b79bb79fdb7bca9c68d783"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cs21nextnet.cz\/tunelovani-prostrednictvim-qemu\/"]}]},{"@type":"WebSite","@id":"https:\/\/cs21nextnet.cz\/en\/#website","url":"https:\/\/cs21nextnet.cz\/en\/","name":"CS21nextnet s.r.o.","description":"Outsourcing ICT slu\u017eeb, Syst\u00e9mov\u00e9 integrace, Datov\u00e9 s\u00edt\u011b, Prodej software &amp; 
hardware","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cs21nextnet.cz\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/cs21nextnet.cz\/en\/#\/schema\/person\/703b97fba9b79bb79fdb7bca9c68d783","name":"Barbora Hed\u011bncov\u00e1","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cs21nextnet.cz\/en\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/634adb53c3fc856f3a287cfa33d073c5df94e60319e148150e59ee334c219f1f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/634adb53c3fc856f3a287cfa33d073c5df94e60319e148150e59ee334c219f1f?s=96&d=mm&r=g","caption":"Barbora Hed\u011bncov\u00e1"},"url":"https:\/\/cs21nextnet.cz\/en\/author\/hedencovaadmin\/"}]}},"_links":{"self":[{"href":"https:\/\/cs21nextnet.cz\/en\/wp-json\/wp\/v2\/posts\/1362","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cs21nextnet.cz\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cs21nextnet.cz\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cs21nextnet.cz\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/cs21nextnet.cz\/en\/wp-json\/wp\/v2\/comments?post=1362"}],"version-history":[{"count":1,"href":"https:\/\/cs21nextnet.cz\/en\/wp-json\/wp\/v2\/posts\/1362\/revisions"}],"predecessor-version":[{"id":1363,"href":"https:\/\/cs21nextnet.cz\/en\/wp-json\/wp\/v2\/posts\/1362\/revisions\/1363"}],"wp:attachment":[{"href":"https:\/\/cs21nextnet.cz\/en\/wp-json\/wp\/v2\/media?parent=1362"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cs21nextnet.cz\/en\/wp-json\/wp\/v2\/categories?post=1362"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cs21nextnet.cz\/en\/wp-json\/wp\/v2\/tags?post=1362"}],"curies":[{"name":"wp","href":"h
ttps:\/\/api.w.org\/{rel}","templated":true}]}}