Practical Evasion of Red Pill in Modern Computers

Amit Resh; Nezer Zaidenberg; Michael Kiperberg

doi:10.1007/978-3-030-91293-2_20

Practical Evasion of Red Pill in Modern Computers

Amit Resh
, Nezer Zaidenberg
, Michael Kiperberg

פרסום מחקרי: פרסום בכתב עת › מאמר › ביקורת עמיתים

1 ציטוט ‏(Scopus)

תקציר

The blue pill is a malicious stealthy hypervisor-based rootkit. The red pill is a software package designed to detect blue pills or hypervisors in general. Ever since the blue pill was originally proposed, there has been an ongoing arms race between developers trying to develop stealthy hypervisors and developers trying to detect such stealthy hypervisors. Hypervisors can also be used for monitoring and forensic purposes, while malicious software may include a red pill component to discover such a hypervisor in order to evade it. This chapter discusses a practical approach to counter such malicious software by evading the red pill components.

שפה מקורית	אנגלית
עמודים (מ-עד)	461-473
מספר עמודים	13
כתב עת	Computational Methods in Applied Sciences
כרך	56
מזהי עצם דיגיטלי (DOIs)	https://doi.org/10.1007/978-3-030-91293-2_20
סטטוס פרסום	פורסם - 2022
פורסם באופן חיצוני	כן

גישה למסמך

10.1007/978-3-030-91293-2_20

קבצים וקישורים אחרים

Link to publication in Scopus

פורמט ציטוט ביבליוגרפי

@article{2ca330768c114e60ab26c8dcc1b51462,

title = "Practical Evasion of Red Pill in Modern Computers",

abstract = "The blue pill is a malicious stealthy hypervisor-based rootkit. The red pill is a software package designed to detect blue pills or hypervisors in general. Ever since the blue pill was originally proposed, there has been an ongoing arms race between developers trying to develop stealthy hypervisors and developers trying to detect such stealthy hypervisors. Hypervisors can also be used for monitoring and forensic purposes, while malicious software may include a red pill component to discover such a hypervisor in order to evade it. This chapter discusses a practical approach to counter such malicious software by evading the red pill components.",

keywords = "Forensics, Information security, Red pill, Virtualization",

author = "Amit Resh and Nezer Zaidenberg and Michael Kiperberg",

note = "Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.",

year = "2022",

doi = "10.1007/978-3-030-91293-2\_20",

language = "אנגלית",

volume = "56",

pages = "461--473",

journal = "Computational Methods in Applied Sciences",

issn = "1871-3033",

publisher = "Springer",

}

TY - JOUR

T1 - Practical Evasion of Red Pill in Modern Computers

AU - Resh, Amit

AU - Zaidenberg, Nezer

AU - Kiperberg, Michael

PY - 2022

Y1 - 2022

N2 - The blue pill is a malicious stealthy hypervisor-based rootkit. The red pill is a software package designed to detect blue pills or hypervisors in general. Ever since the blue pill was originally proposed, there has been an ongoing arms race between developers trying to develop stealthy hypervisors and developers trying to detect such stealthy hypervisors. Hypervisors can also be used for monitoring and forensic purposes, while malicious software may include a red pill component to discover such a hypervisor in order to evade it. This chapter discusses a practical approach to counter such malicious software by evading the red pill components.

AB - The blue pill is a malicious stealthy hypervisor-based rootkit. The red pill is a software package designed to detect blue pills or hypervisors in general. Ever since the blue pill was originally proposed, there has been an ongoing arms race between developers trying to develop stealthy hypervisors and developers trying to detect such stealthy hypervisors. Hypervisors can also be used for monitoring and forensic purposes, while malicious software may include a red pill component to discover such a hypervisor in order to evade it. This chapter discusses a practical approach to counter such malicious software by evading the red pill components.

KW - Forensics

KW - Information security

KW - Red pill

KW - Virtualization

UR - https://www.scopus.com/pages/publications/85127833614

U2 - 10.1007/978-3-030-91293-2_20

DO - 10.1007/978-3-030-91293-2_20

M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???

AN - SCOPUS:85127833614

SN - 1871-3033

VL - 56

SP - 461

EP - 473

JO - Computational Methods in Applied Sciences

JF - Computational Methods in Applied Sciences

ER -

Practical Evasion of Red Pill in Modern Computers

תקציר

גישה למסמך

קבצים וקישורים אחרים

טביעת אצבע

פורמט ציטוט ביבליוגרפי