Practical Evasion of Red Pill in Modern Computers

Amit Resh, Nezer Zaidenberg, Michael Kiperberg

Research output: Contribution to journalArticlepeer-review


The blue pill is a malicious stealthy hypervisor-based rootkit. The red pill is a software package designed to detect blue pills or hypervisors in general. Ever since the blue pill was originally proposed, there has been an ongoing arms race between developers trying to develop stealthy hypervisors and developers trying to detect such stealthy hypervisors. Hypervisors can also be used for monitoring and forensic purposes, while malicious software may include a red pill component to discover such a hypervisor in order to evade it. This chapter discusses a practical approach to counter such malicious software by evading the red pill components.

Original languageEnglish
Pages (from-to)461-473
Number of pages13
JournalComputational Methods in Applied Sciences
StatePublished - 2022
Externally publishedYes


  • Forensics
  • Information security
  • Red pill
  • Virtualization


Dive into the research topics of 'Practical Evasion of Red Pill in Modern Computers'. Together they form a unique fingerprint.

Cite this