Full Disclosure mailing list archives
Re: Full-Disclosure Digest, Vol 89, Issue 15 suspicion of rootkit (Alexandru Balan)
From: valdis.kletnieks () vt edu
Date: Thu, 12 Jul 2012 13:11:14 -0400
On Thu, 12 Jul 2012 18:47:53 +0200, phocean said:
> - Volatility: anything has to sit somehow in the memory, so there is no way for it to escape from the analysis.
There are a number of attacks using the MTRR and IOMMU to cause the CPU to have a different view of memory. It is indeed possible for something to be sitting in memory but not be visible to *you* (while still being visible to something that didn't expect it to be visible, and thus delivering an exploit).
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/