Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Full-Disclosure Digest, Vol 89, Issue 15 suspicion of rootkit (Alexandru Balan)

From: valdis.kletnieks () vt edu
Date: Thu, 12 Jul 2012 13:11:14 -0400
On Thu, 12 Jul 2012 18:47:53 +0200, phocean said:


- Volatility: anything has to sit somehow in the memory, so there is no
way for it to escape from the analysis.


There's a number of attacks using the MTRR and IOMMU to cause the CPU to have a
different view of memory.  It is indeed possible for something to be sitting in
memory but not be visible to *you* (while still being visible to something that
didn't expect it to be visible, and thus delivering an exploit).

Attachment: _bin
Description: 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: