Numchecker: A System Approach for Kernel Rootkit Detection
by Xueyang Wang & Xiaofei Guo
Kernel rootkits are stealthy and can have unrestricted access to system resources. In our talk, we will present NumChecker, a new Virtual Machine Monitor (VMM)-based framework to detect and identify control-flow-modifying kernel rootkits in a guest Virtual Machine (VM). NumChecker detects and identifies malicious modifications to a system call in the guest VM by measuring the low-level events that occur during the system call's execution.
To measure these events efficiently, NumChecker leverages the Hardware Performance Counters (HPCs) in modern processors. HPCs today can measure a large number of low-level events related to program behavior. We implement NumChecker on Linux with the Kernel-based Virtual Machine (KVM). The results on a number of real-world kernel rootkits show that NumChecker is practical and effective.
Detect Kernel-Mode Rootkits via Real Time Logging & Controlling Memory Access
Everything You need to know about rootkits - Rootkits - rootkits take admin access
The Correct Way To Remove 'Zero Access Root Kit Trojan' From A PC or Laptop
Demigod: The Art of Emulating Kernel Rootkits
Chkrootkit: Check Your System For Hidden Rootkits
Syslogk Linux Kernel Rootkit - Executing Bots via “Magic Packets” - David Álvarez Pérez
Kernel Mod Rootkits on Modern Linux Systems (by Alex Caceres)
Day 2 Part 1: Rootkits: What they are, and how to find them
MemoryMon: Analyzing Turla Rootkit
Linux Kernel Rootkits - Matveychikov & f0rb1dd3n - H2HC 2018
Memory Diff Analysis of Average Coder Linux Rootkit
PoC UEFI firmware rootkit steals secrets from virtual machines
Unveiling the kernel: rootkit discovery using selective automated kernel memory differencing
Remove New ZeroAccess / Sirefef / MAX++ Rootkit 2013
Almost invisible rootkit for x64: IRP hook kernel keylogger part_1
Breaching the Depths of the Abyss: Exposing Rootkits and Bootkits
Kernel Rootkit Simple Demo for CentOS 6.5
Kernel Rootkit
You Can’t See Me: A Mac OS X Rootkit Uses the Tricks You Haven’t Known Yet
Reversing and Malware Analysis Training - Rootkit Analysis Demo3 (darkmegi/waltrodock)
Unix & Linux: How to detect rootkit linux kernel module based?
Windows Programming - Rootkits Detection Basics 3 - Modifying Memory