  • eKimono: a Malware Scanner

    Document format: PDF   Updated: 2009-11-09
    Document language: Japanese
    Document author: 財)神戸市産業振興財団
    eKimono: a Malware Scanner for Virtual Machines
    Hack In The Box KL, 5th-8th/10/2009
    Nguyen Anh Quynh, Kuniyasu Suzaki, Ruo Ando
    The National Institute of Advanced Industrial Science & Technology (AIST), Japan
    Who am I
    NGUYEN Anh Quynh, a researcher working in Japan.
    National Institute of Advanced Industrial Science & Technology (AIST), Japan
    PhD degree in Computer Science from Keio University, Japan
    A member of Vnsecurity.net
    Interests: Operating System, Virtualization, Trusted computing, IDS, malware, digital forensic, ...
    Agenda
    Problems of current malware scanner
    eKimono: Malware detector for Virtual Machines
    Introduction on Virtual machine
    Architecture, design and implementation of eKimono

    Focus on Windows protection
    Focus more on rootkit detection in this talk
    eKimono demo on detecting malware
    Conclusions
    Part I
    Problems of current malware scanner
    Focus on rootkits
    Introduction on Virtual machine
    Architecture, design and implementation of eKimono
    eKimono: Malware detector for Virtual Machines

    Focus on Windows VM protection
    eKimono demo on detecting malware
    Conclusions
    What is Rootkit
    Malware trying to hide their existence in the system
    Modify the system tools
    Trojan system binaries to return faked information
    Modify system to hook critical functions that can disclose their residence
    Patch system process at runtime
    IAT, EAT, Inline hooking System calls IDT, GDT IAT/EAT
    Modify system kernel

    Modify kernel objects
    DKOM technique
    Current Malware Scanner
    Run inside the system to scan malware
    Mostly only scan HDD to detect malware
