GhostX9 writes "Tom's Hardware recently interviewed security expert Joanna Rutkowska. Many think that kernel rootkits are the most dangerous attacks, but Joanna and her team have been studying exploits beyond Ring 0 for some time. Joanna is most well known for the red pill/blue pill virtualization attack (Ring -1) and in this interview chats a little bit about Ring -2 and Ring -3 attacks that go beyond kernel rootkits. What's surprising is how robust the classic BluePill proof-of-concept is:
'Many people tried to prove that BluePill is "detectable" by writing various virtualization detectors (but not BluePill detectors). They simply assumed that if we detect a virtualization being used, this means that we are "under" BluePill. This assumption was made because there were no products using hardware virtualization a few years ago. Needless to say, if we followed this way of reasoning, we might similarly say that if an executable makes network connections, then it must surely be a botnet.'"
Security Threats 3 Levels Beyond Kernel Rootkits