Impactpoint kernel-based-protection

  1. The Kernel-based protection against physical attacks. Yasin SURER, Sr. Security Researcher
  2. ImpactPoint: founded in 2011 to provide software security and information security services. Headquartered in Istanbul, Turkey. Well-known security experts in the industry. Advanced services we provide include:
     • Application Security Testing
     • Source Code Review
     • Secure Software Development
     • Incident Response & Malware Analysis Lab
     • Penetration Testing
     • Training
  3. About Me: Yasin SURER, Sr. Security Researcher, ImpactPoint. ...interested in high-level technical details of security. ...playing with the kernel. I like Unix-based systems. IT Security Instructor. yasin.surer@impactpoint.net
  4. Overview: Physical Memory Attacks and Forensics; Dumpers and Sniffers; How it works; Memory Protection against ...; Architecture-Dependent; Conclusion?
  5. Physical Memory Attacks and Forensics: Random Access Memory (RAM)
     • Includes data segment
     • Includes code segment
     • Dependent on the operating system
     • Live memory
  6. Physical Memory Attacks and Forensics
  7. Physical Memory Attacks and Forensics
  8. Dumpers and Process Sniffers
     • Running processes
     • Terminated processes
     • Passwords
     • Files
     • Connection data
     • Addresses
     • Etc.
  9. Dumpers and Process Sniffers
  10. Dumpers and Process Sniffers
  11. How it works?
  12. How it works?
  13. How it works?
  14. How it works? DEMO
  15. Kernel-Based: Memory Protection against..
     • Data Hiding
     • Anti-Dumper
     • Encryption...
     • Out of space
     • Or wipe them all out
  16. Kernel-Based: Memory Protection against..
  17. Kernel-Based: Memory Protection against..
  18. Kernel-Based: Memory Protection against.. Kernel Module, but reaction?
  19. Kernel-Based: Memory Protection against..
  20. Architecture-Dependent
     • Stored... Free Memory Pages
     • Free page table
     • Revise? Offsets...
     • Well, space-range?
     • Yes! Revise the page!
     • Space size implementation
  21. Architecture-Dependent
  22. Architecture-Dependent
  23. Architecture-Dependent
  24. Conclusion: Digital Forensics <> Data Recovery?
  25. Solutions: Commercial Solutions? info@impactpoint.net
  26. Thank you... Any questions?
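The "Encryption..." and "wipe them all out" items on slide 15 are the two countermeasures a defender can see working at small scale: a secret that is not held in plaintext does not match the string search a dumper runs over a RAM image, and a secret that is reliably zeroed after use is not there to be found at all. The following C program is an added illustration written for this page, not code from the deck or from ImpactPoint. It assumes a userspace buffer stands in for the process memory a dumper would capture; `xor_mask` is a constructed toy mask used only to keep the bytes out of plaintext form, not a substitute for real encryption or for the deck's kernel module, and `secure_wipe` uses the volatile-store pattern behind `explicit_bzero` so the compiler cannot drop the clearing as a dead store.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Zero a buffer in a way the compiler will not elide. A plain memset() right
 * before the buffer dies is a dead store that optimisers may remove, leaving
 * the secret resident in RAM for a physical dump to recover. */
void secure_wipe(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

/* Toy reversible mask (XOR with a constructed key). This is NOT encryption;
 * it only shows that a secret held masked does not match a plaintext search
 * and should be unmasked only for the moment it is used. */
void xor_mask(unsigned char *buf, size_t n,
              const unsigned char *key, size_t klen) {
    for (size_t i = 0; i < n; i++)
        buf[i] ^= key[i % klen];
}

/* Does `needle` (m bytes) occur anywhere in the region [hay, hay+n)?
 * Stands in for the pattern search a dumper performs on a captured image. */
int region_contains(const unsigned char *hay, size_t n,
                    const unsigned char *needle, size_t m) {
    if (m == 0 || m > n) return 0;
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(hay + i, needle, m) == 0) return 1;
    return 0;
}

/* Simulated secret lifecycle inside a constructed 256-byte "process memory"
 * region: plaintext is visible only while in use, masked otherwise, and gone
 * after the wipe. Returns 1 when every stage behaves as expected. */
int demo_masked_secret_lifecycle(void) {
    static const unsigned char secret[] = "constructed-password-1234"; /* constructed */
    static const unsigned char key[] = { 0x5A, 0xC3, 0x9E, 0x71 };    /* constructed, all non-zero */
    const size_t slen = sizeof secret - 1;   /* exclude NUL */
    const size_t off = 40;                   /* secret lives mid-buffer */
    unsigned char mem[256];
    memset(mem, 0xAA, sizeof mem);           /* constructed filler */

    memcpy(mem + off, secret, slen);
    int plain_seen = region_contains(mem, sizeof mem, secret, slen);      /* 1 */

    xor_mask(mem + off, slen, key, sizeof key);
    int masked_seen = region_contains(mem, sizeof mem, secret, slen);     /* 0 */

    xor_mask(mem + off, slen, key, sizeof key);                           /* unmask to use */
    int unmasked_seen = region_contains(mem, sizeof mem, secret, slen);   /* 1 */

    secure_wipe(mem + off, slen);
    int wiped_seen = region_contains(mem, sizeof mem, secret, slen);      /* 0 */

    return plain_seen == 1 && masked_seen == 0 &&
           unmasked_seen == 1 && wiped_seen == 0;
}

int main(void) {
    printf("secret lifecycle check: %s\n",
           demo_masked_secret_lifecycle() ? "ok" : "FAILED");
    return 0;
}
```

The check that matters for a dumper-resistance argument is the last one: after `secure_wipe` the plaintext no longer exists anywhere in the region, which a `memset`-based clear only guarantees when the compiler happens not to optimise it away.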
