Creating modern blue pills and red pills

Asaf Algawi, Michael Kiperberg, Roee Leon, Amit Resh, Nezer Zaidenberg

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-reviewed

5 Scopus citations

Abstract

The blue pill is a malicious, stealthy hypervisor-based rootkit. The red pill is a software package that is designed to detect such blue pills. Since the blue pill was originally proposed, there has been an ongoing arms race between developers that try to develop stealthy hypervisors and developers that try to detect such stealthy hypervisors. Furthermore, hardware advances have made several stealth attempts impossible, while other advances enable even more stealthy operation. In this paper we describe the current status of detecting stealth hypervisors and methods to counter them.

Original language: English
Title of host publication: Proceedings of the 18th European Conference on Cyber Warfare and Security, ECCWS 2019
Editors: Tiago Cruz, Paulo Simoes
Publisher: Curran Associates Inc.
Pages: 6-14
Number of pages: 9
ISBN (Electronic): 9781912764280
State: Published - 2019
Externally published: Yes
Event: 18th European Conference on Cyber Warfare and Security, ECCWS 2019 - Coimbra, Portugal
Duration: 4 Jul 2019 to 5 Jul 2019

Publication series

Name: European Conference on Information Warfare and Security, ECCWS
Volume: 2019-July
ISSN (Print): 2048-8602
ISSN (Electronic): 2048-8610

Conference

Conference: 18th European Conference on Cyber Warfare and Security, ECCWS 2019
Country/Territory: Portugal
City: Coimbra
Period: 4/07/19 to 5/07/19

Keywords

  • Forensics
  • Information security
  • Virtualization
