Dailydave mailing list archives
Microsoft on Hypervisor-based Rootkits
From: Irby Thompson <irby () sliphead com>
Date: Fri, 14 Sep 2007 11:06:36 -0500
From the horse's mouth:
http://www.microsoft.com/whdc/system/platform/virtual/CPUVirtExt.mspx

Choice quote #1: "a rogue hypervisor can be detected using standard rootkit detection mechanisms because the [hypervisor-based] rootkit cannot protect itself from the operating system running on top of it"

The golden nugget: "Rootkit developers have traditionally shown a strong desire to write code that runs in user mode rather than in kernel mode."

That's news to me.

-irby