Practical Evasion of Red Pill in Modern Computers
Year of publication
2022
Authors
Resh, Amit; Zaidenberg, Nezer; Kiperberg, Michael
Abstract
The blue pill is a malicious stealthy hypervisor-based rootkit. The red pill is a software package designed to detect blue pills or hypervisors in general. Ever since the blue pill was originally proposed, there has been an ongoing arms race between developers trying to develop stealthy hypervisors and developers trying to detect such stealthy hypervisors. Hypervisors can also be used for monitoring and forensic purposes, while malicious software may include a red pill component to discover such a hypervisor in order to evade it. This chapter discusses a practical approach to counter such malicious software by evading the red pill components.
Organizations and authors
University of Jyväskylä
Zaidenberg Nezer
Publication type
Publication format
Article
Parent publication type
Compilation
Article type
Other article
Audience
Scientific
Peer-reviewed
Peer-Reviewed
MINEDU's publication type classification code
A3 Book section, Chapters in research books
Publication channel information
Journal/Series
Parent publication name
Publisher
Pages
461-473
ISSN
ISBN
Publication forum
Publication forum level
1
Open access
Open access in the publisher’s service
No
Self-archived
No
Other information
Fields of science
Computer and information sciences
Keywords
Publication country
Switzerland
Internationality of the publisher
International
Language
English
International co-publication
Yes
Co-publication with a company
No
DOI
10.1007/978-3-030-91293-2_20
The publication is included in the Ministry of Education and Culture’s Publication data collection
Yes