TY - JOUR
T1 - Practical Evasion of Red Pill in Modern Computers
AU - Resh, Amit
AU - Zaidenberg, Nezer
AU - Kiperberg, Michael
N1 - Publisher Copyright:
© 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2022
Y1 - 2022
N2 - The blue pill is a stealthy, malicious hypervisor-based rootkit. The red pill is a software package designed to detect blue pills, or hypervisors in general. Ever since the blue pill was originally proposed, there has been an ongoing arms race between those building stealthy hypervisors and those trying to detect them. Hypervisors can also be used for monitoring and forensic purposes, and malicious software may include a red pill component to discover such a hypervisor in order to evade it. This chapter discusses a practical approach to countering such malicious software by evading its red pill components.
KW - Forensics
KW - Information security
KW - Red pill
KW - Virtualization
UR - http://www.scopus.com/inward/record.url?scp=85127833614&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-91293-2_20
DO - 10.1007/978-3-030-91293-2_20
M3 - Article
AN - SCOPUS:85127833614
SN - 1871-3033
VL - 56
SP - 461
EP - 473
JO - Computational Methods in Applied Sciences
JF - Computational Methods in Applied Sciences
ER -
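Added illustration, not part of the chapter and not the authors' code: the standard hypervisor-detection ("red pill") checks that a stealthy hypervisor of the kind the abstract describes has to defeat, written in C. The decoders take CPUID and RDTSC results as plain integers so they can be exercised on constructed values; the register values in demo_constructed are the published KVM CPUID signature for leaf 0x40000000, while the timing samples and the 500-cycle threshold are invented illustrative numbers. The live probe in main() compiles only on x86 and simply reports what the current machine shows.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#include <x86intrin.h>
#endif

/* Check 1: CPUID leaf 1, ECX bit 31 is the "hypervisor present" bit. A
 * cooperative hypervisor sets it; a stealthy one clears it in the value it
 * hands back to the guest. */
int hv_present_bit(uint32_t leaf1_ecx) {
    return (leaf1_ecx >> 31) & 1u;
}

/* Check 2: CPUID leaf 0x40000000 returns a 12-byte vendor signature in
 * EBX:ECX:EDX (little-endian byte order, as on x86). Only meaningful when
 * the hypervisor bit is set; otherwise the leaf holds unrelated data. */
void hv_vendor_string(uint32_t ebx, uint32_t ecx, uint32_t edx, char out[13]) {
    memcpy(out, &ebx, 4);
    memcpy(out + 4, &ecx, 4);
    memcpy(out + 8, &edx, 4);
    out[12] = '\0';
}

int hv_vendor_matches(uint32_t ebx, uint32_t ecx, uint32_t edx, const char *expected) {
    char buf[13];
    hv_vendor_string(ebx, ecx, edx, buf);
    return strcmp(buf, expected) == 0;
}

/* Check 3: CPUID unconditionally causes a VM exit on VT-x/AMD-V, so its
 * RDTSC-measured cost rises sharply under a hypervisor. The median of
 * repeated samples is used so that one interrupt or frequency change does
 * not decide the result. Sorts the sample array in place. */
static int cmp_u64(const void *a, const void *b) {
    uint64_t x = *(const uint64_t *)a, y = *(const uint64_t *)b;
    return (x > y) - (x < y);
}

uint64_t median_cycles(uint64_t *samples, size_t n) {
    qsort(samples, n, sizeof samples[0], cmp_u64);
    return samples[n / 2];
}

int timing_suspicious(uint64_t *samples, size_t n, uint64_t threshold_cycles) {
    return median_cycles(samples, n) > threshold_cycles;
}

/* Constructed inputs (not readings from a real machine): the published KVM
 * signature registers for leaf 0x40000000, plus two invented RDTSC sample
 * sets, one with a single outlier and one consistently slow. Returns 1 when
 * every decoder gives the expected answer. */
int demo_constructed(void) {
    int ok = 1;
    ok &= hv_present_bit(0x80000000u) == 1;
    ok &= hv_present_bit(0x00000001u) == 0;
    ok &= hv_vendor_matches(0x4B4D564Bu, 0x564B4D56u, 0x0000004Du, "KVMKVMKVM");
    ok &= timing_suspicious((uint64_t[]){80, 90, 85, 2000, 88, 92, 87}, 7, 500) == 0;
    ok &= timing_suspicious((uint64_t[]){1200, 1300, 1100, 90, 1250}, 5, 500) == 1;
    return ok;
}

int main(void) {
    printf("constructed-input checks: %s\n", demo_constructed() ? "pass" : "FAIL");
#if defined(__x86_64__) || defined(__i386__)
    unsigned a, b, c, d;
    __cpuid(1, a, b, c, d);
    int present = hv_present_bit(c);
    char vendor[13] = "none";
    if (present) {
        __cpuid(0x40000000, a, b, c, d);
        hv_vendor_string(b, c, d, vendor);
    }
    uint64_t samples[64];
    for (size_t i = 0; i < 64; i++) {
        uint64_t t0 = __rdtsc();
        __cpuid(0, a, b, c, d);
        samples[i] = __rdtsc() - t0;
    }
    /* 500 cycles is an illustrative threshold; calibrate against known
     * bare-metal hardware before relying on it. */
    uint64_t med = median_cycles(samples, 64);
    printf("hypervisor bit: %d, vendor: %s, median CPUID cost: %llu cycles (%s)\n",
           present, vendor, (unsigned long long)med,
           med > 500 ? "suspicious" : "bare-metal-like");
#endif
    return 0;
}
```

The three checks are exactly the surfaces a stealthy hypervisor must control: it has to clear the hypervisor bit and not advertise leaf 0x40000000, and it has to hide the cost of its own VM exits, for example by adjusting the guest's TSC offset, because the timing check does not depend on any value the hypervisor reports but on how long the exit itself takes.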