Upload File

impactpoint kernel-based-protection

26
The Kernel-based protection against physical attacks YasinSURER Sr.Security Researcher

Upload: impactpoint

Post on 16-Apr-2017

765 views

Category:

Technology


0 download

Report

TRANSCRIPT

Page 1: Impactpoint kernel-based-protection

The Kernel-based protection

against physical attacks

YasinSURER Sr.Security Researcher

Page 2: Impactpoint kernel-based-protection

ImpactPoints Founded in 2011 to provide software security and information

security services

Headquartered in Istanbul, Turkey.

Well-known security experts in the industry.

Advanced services we provide include

• Application Security Testing

• Source Code Review

• Secure Software Development

• Incident Response & Malware Analysis Lab

• Penetration Testing

• Training

Page 3: Impactpoint kernel-based-protection

About Me

Yasin SURER

Sr. Security Researcher – ImpactPoint

...interested in high-level technical details of security

...playing with the kernel

I like Unix-based systems.

IT Security Instructor

[email protected]

Page 4: Impactpoint kernel-based-protection

Overwiev

Physical Memory Attacks and Forensics

Dumpers and Sniffer

How it works

Memory Protection against ...

Architecture-Dependent

Conclusion ?

Page 5: Impactpoint kernel-based-protection

Physical Memory Attacks and Forensics

Random Access Memory (RAM)

Includes data segment

Includes code segment

Dependent on the operating system

Live memory

Page 6: Impactpoint kernel-based-protection

Physical Memory Attacks and Forensics

Page 7: Impactpoint kernel-based-protection

Physical Memory Attacks and Forensics

Page 8: Impactpoint kernel-based-protection

Dumpers and Process Sniffers

• Running process

• Terminated process

• Passwords

• Files

• Connection data

• Adresses

• Etc.

Page 9: Impactpoint kernel-based-protection

Dumpers and Process Sniffers

Page 10: Impactpoint kernel-based-protection

Dumpers and Process Sniffers

Page 11: Impactpoint kernel-based-protection

How it works ?

Hey nigga, show me the...Oppss !

Page 12: Impactpoint kernel-based-protection

How it works ?

Page 13: Impactpoint kernel-based-protection

How it works ?

Page 14: Impactpoint kernel-based-protection

How it works ?

DEMO

Page 15: Impactpoint kernel-based-protection

Kernel-Based: Memory Protection against..

• Data Hiding

• Anti-Dumper

• Encryption...

• Out of space

• Or wipe them all out

Page 16: Impactpoint kernel-based-protection

Kernel-Based: Memory Protection against..

Page 17: Impactpoint kernel-based-protection

Kernel-Based: Memory Protection against..

Page 18: Impactpoint kernel-based-protection

Kernel-Based: Memory Protection against..

Kernel Module but reaction ?

Page 19: Impactpoint kernel-based-protection

Kernel-Based: Memory Protection against..

Page 20: Impactpoint kernel-based-protection

Architecture - Dependent

• Stored... Free Memory Pages

• Free page table

• Revise ? Offsets...

• Well, space-range ?

• Yes ! Revise the page !

• Space size implementation

Page 21: Impactpoint kernel-based-protection

Architecture - Dependent

Page 22: Impactpoint kernel-based-protection

Architecture - Dependent

Page 23: Impactpoint kernel-based-protection

Architecture - Dependent

Page 24: Impactpoint kernel-based-protection

Conclusion

Digital Forensics <> Data Recovery ?

Page 25: Impactpoint kernel-based-protection

Solutions

Commercial Solutions

? [email protected]

Page 26: Impactpoint kernel-based-protection

Thank you...

Any Questions ?


Kernel based data fusion

Linux Kernel Self-Protection Project (and how we’re trying ... · Agenda Background – Kernel Self Protection Project – C as a fancy assembler Towards less dangerous C – Variable

Kernel-Based Distance Metric Learning for Content-Based ...repository.ust.hk/ir/bitstream/1783.1-2971/1/paperKernel.pdf · Kernel-Based Distance Metric Learning for Content-Based

Kernel Protection Using Hardware- Based Virtualization€¦ · Benefits of Virtualization-Based Kernel Protection More monitoring and isolation capabilities in virtualization than

Kernel-Based Association Test - Home | Genetics

Kernel-Based Methods for Hypothesis Testing: A Unified … · Kernel-Based Methods for Hypothesis Testing: A ... Kernel-Based Methods for Hypothesis Testing ... detection is to build

Survey on Kernel-Based Relation Extraction...Kernel-based methods (Collins & Duffy, 2001), in turn, devise kernel functions that are most appropriate for relation extraction and apply

Subverting Windows 2003 SP1 Kernel Integrity Protection

Analyzing and Improving Linux Kernel Memory Protection

DETERMINATION OF HYPER-PARAMETERS FOR KERNEL BASED ... · for kernel based methods. Support vector classification, kernel logistic regression and support vector regression are considered

Countering Kernel Rootkits with Lightweight Hook Protection

Countering Kernel Rootkits with Lightweight Hook Protection

kGuard : Lightweight Kernel Protection against Return-to-user Attacks

Practical Protection of Kernel Integrity for Commodity OS from

Memory Protection: Kernel and User Address Spaces

Rootkit 102 - Kernel-Based Rootkit

Bounded Kernel-Based Online Learning · A common problem of kernel-based online algorithms, such asthe kernel-based Perceptron algo-rithm, is the amount of memory required to store

Support Vector Machines and Kernel Based Learning · 2007. 9. 6. · Kernel based learning: interdisciplinary challenges SVM & kernel methods linear algebra mathematics statistics

Kernel Protection Using Hardware- Based Virtualizationevents17.linuxfoundation.org/sites/events/files/slides/Kernel... · information in this document is provided in connection with

Status of the Kernel Self Protection Project

Kernel-based Virtual Machine - Theseus

A Study on Kernel Memory Protection and Application Traffic ...ousar.lib.okayama-u.ac.jp/files/public/5/58505/... · A Study on Kernel Memory Protection and Application Traffic Monitoring

KERNEL-BASED ENERGY OPTIMIZATION IN GPUS

Kernel Self-Protection Project

Kernel Data Integrity Protection via Memory Access …...Kernel Data Integrity Protection via Memory Access Control Abhinav Srivastava Ikpeme Erete Jonathon Giffin School of Computer

An introduction to kernel-based learning algorithms ...wainwrig/stat241b/kernel_survey.pdf · kernel feature spaces and then proceed to kernel based learning in supervised and unsupervised

Kernel-based machine learning methods

Kernel-based Virtual Machine

Kernel-based Virtual Machine Technology - Fujitsu...Kernel-based Virtual Machine Technology Yasunori Goto The kernel-based virtual machine (KVM) has been attracting attention in recent

Aionescu Subverting w2k3 Kernel Integrity Protection

A Study on Kernel Memory Protection and …eprints.lib.okayama-u.ac.jp/files/public/5/58505/...A Study on Kernel Memory Protection and Application Traffic Monitoring for Information

Memory Protection: Kernel and User Address Spacesdiesburg/courses/cs3430_sp14/sessions/s12... · 2014. 2. 23. · Memory Protection: Kernel and User Address Spaces . Sarah Diesburg

RESEARCH ARTICLE Open Access Walk-weighted …four kernel methods: predicate kernel and walk kernel (feature-based), dependency kernel (structure-based ker-nel), and hybrid kernel

WinKVM: Windows Kernel- based Virtual Machine

KVM Kernel Based Virtual Machine