I have a physical server deployed to a third party. On said server runs a Windows 2016 Hyper-V VM. The VM's VHDX is encrypted with BitLocker.

The third party has admin access to the physical server, but no access whatsoever to the VM. The BitLocker encryption key is also in my hands only.

Given this scenario, can you see any way the third party could make a working, accessible copy of the data within the VM?

resle

2 Answers

Assuming the virtual machine does not have a startup key, and you must enter a recovery key to start (if that is not the case, it is definitely not secure).

There is a reason shielded virtual machines exist. Security of the physical host is equally important as the security of the virtual guests. If someone has administrative access to the host, the guest may be compromised. It's as simple as getting a memory dump of the guest, and using a free tool to extract the key from the memory dump.

Greg Askew
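
The condition in the answer above (no startup key, a key has to be entered at start) can be checked from inside the guest by listing the volume's key protectors. The PowerShell below is an added example, not part of the original answer: the function name `Test-UnattendedUnlock` and the grouping of protector types are this example's assumptions, and the sample volumes are constructed.

```powershell
# Added example: flag BitLocker volumes that can unlock without anyone
# typing a secret at boot. Assumption: the two groups below are this
# example's reading of the KeyProtectorType values from Get-BitLockerVolume.
# ExternalKey is a .bek key file; it unlocks unattended whenever that
# file is reachable at boot (for a VM, on any disk the host can attach).
$Unattended  = 'Tpm', 'ExternalKey', 'TpmStartupKey', 'TpmNetworkKey'
$Interactive = 'Password', 'TpmPin', 'TpmPinStartupKey', 'RecoveryPassword'

function Test-UnattendedUnlock {
    param([Parameter(Mandatory, ValueFromPipeline)] $Volume)
    process {
        # Normalise protector types to strings so real and sample objects match.
        $types = @($Volume.KeyProtector | Where-Object { $_ } |
                   ForEach-Object { [string]$_.KeyProtectorType })
        $auto  = @($types | Where-Object { $_ -in $Unattended })
        $other = @($types | Where-Object {
                   $_ -notin $Unattended -and $_ -notin $Interactive })
        [pscustomobject]@{
            MountPoint       = $Volume.MountPoint
            Protectors       = $types -join ', '
            UnattendedUnlock = $auto.Count -gt 0
            Unclassified     = $other -join ', '   # review these by hand
        }
    }
}

# Constructed sample volumes (not taken from a real system).
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; KeyProtector = @(
        [pscustomobject]@{ KeyProtectorType = 'Tpm' },
        [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }) },
    [pscustomobject]@{ MountPoint = 'D:'; KeyProtector = @(
        [pscustomobject]@{ KeyProtectorType = 'Password' },
        [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }) }
)
$sample | Test-UnattendedUnlock | Format-Table -AutoSize

# Inside the guest, in an elevated session:
#   Get-BitLockerVolume | Test-UnattendedUnlock
```

A volume reported with `UnattendedUnlock` set to `True` starts without operator input, which is the case the answer calls definitely not secure.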

There are multiple possibilities:

  • Password guessing/brute-forcing/other attacks
  • Host/Guest RAM manipulation
  • Any other exploit which makes the third party able to run code in the VM
  • Maybe even guest tools of Hyper-V/PowerShell?
  • Logon Screen exploit
  • Exploit of autorun of CD/USB/PCI passthrough devices
  • Changing/manipulating the boot sector/loader?

I'm not a hacker, but as an IT professional I know there is always a way with the right tools/knowledge and time.

unNamed
  • Indeed. Perhaps I should have specified the third party is not particularly tech savvy. Basic network administration and hw/systems maintenance skills in house. No access to such advanced skillsets – resle Mar 28 '19 at 09:08
  • Information about BitLocker's security: https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-countermeasures – unNamed Mar 28 '19 at 09:21