
Great research for Microsoft here - Black Basta and Akira ransomware deployment using a logic flaw in VMware ESXi, using a zero day (which they don't mention).

If you get domain admin in Windows, you can make an Active Directory group called "ESX Admins", and then you can log into ESXi - this allows you to encrypt non-Windows systems (and everything else in VMware)

microsoft.com/en-us/security/b

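A defender-side check for the group trick described in the post, as an added example that is not part of the original post or of Microsoft's write-up: it scans exported Windows Security events for creation of, or member additions to, a group named "ESX Admins". The JSON-lines export format, the function name and the sample events are assumptions constructed for illustration.

```python
import json

# Windows Security event IDs for security-enabled group changes.
GROUP_CREATED = {4727: "global", 4731: "local", 4754: "universal"}
MEMBER_ADDED = {4728: "global", 4732: "local", 4756: "universal"}
WATCHED_GROUP = "esx admins"  # name from the post; compared case-insensitively

# Constructed sample events (not real logs), one JSON object per line.
# Assumed export format: EventID plus the event's EventData fields, flattened.
SAMPLE_LOG = """\
{"EventID": 4727, "TimeCreated": "2024-07-30T02:11:09Z", "SubjectUserName": "da-svc", "TargetUserName": "ESX Admins"}
{"EventID": 4728, "TimeCreated": "2024-07-30T02:11:41Z", "SubjectUserName": "da-svc", "TargetUserName": "ESX Admins", "MemberName": "CN=tmpuser,CN=Users,DC=example,DC=test"}
{"EventID": 4727, "TimeCreated": "2024-07-30T03:00:00Z", "SubjectUserName": "it-admin", "TargetUserName": "Helpdesk"}
{"EventID": 4624, "TimeCreated": "2024-07-30T03:05:00Z", "TargetUserName": "ESX Admins"}
{"EventID": 4754, "TimeCreated": "2024-07-30T04:20:00Z", "SubjectUserName": "da-svc", "TargetUserName": "esx admins"}
truncated export line, not JSON
"""

def find_esx_admins_activity(lines):
    """Return one alert per event that creates or populates the watched group."""
    alerts = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the sweep
        if not isinstance(ev, dict):
            continue
        group = str(ev.get("TargetUserName", "")).strip().lower()
        if group != WATCHED_GROUP:
            continue
        eid = ev.get("EventID")
        if eid in GROUP_CREATED:
            action = f"{GROUP_CREATED[eid]} group created"
        elif eid in MEMBER_ADDED:
            action = f"member added: {ev.get('MemberName', 'unknown')}"
        else:
            continue  # other events that merely mention the name
        alerts.append({"time": ev.get("TimeCreated"),
                       "actor": ev.get("SubjectUserName"),
                       "action": action})
    return alerts

if __name__ == "__main__":
    for alert in find_esx_admins_activity(SAMPLE_LOG.splitlines()):
        print(alert["time"], alert["actor"], alert["action"])
```

In an environment that has no legitimate "ESX Admins" group, any hit is worth triage, together with the account named in `actor`.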