impactpoint kernel-based-protection
ImpactPoint: founded in 2011 to provide software security and information security services.
Headquartered in Istanbul, Turkey.
Well-known security experts in the industry.
Advanced services we provide include:
• Application Security Testing
• Source Code Review
• Secure Software Development
• Incident Response & Malware Analysis Lab
• Penetration Testing
• Training
About Me
Yasin SURER
Sr. Security Researcher – ImpactPoint
...interested in high-level technical details of security
...playing with the kernel
I like Unix-based systems.
IT Security Instructor
Overview
Physical Memory Attacks and Forensics
Dumpers and Sniffers
How it works
Memory Protection against ...
Architecture-Dependent
Conclusion ?
Physical Memory Attacks and Forensics
Random Access Memory (RAM)
Includes data segment
Includes code segment
Dependent on the operating system
Live memory
Dumpers and Process Sniffers
• Running process
• Terminated process
• Passwords
• Files
• Connection data
• Addresses
• Etc.
Kernel-Based: Memory Protection against...
• Data Hiding
• Anti-Dumper
• Encryption...
• Out of space
• Or wipe them all out
Architecture-Dependent
• Stored... Free Memory Pages
• Free page table
• Revise? Offsets...
• Well, space-range?
• Yes! Revise the page!
• Space size implementation